############################################################################ #Title: DBHcms 1.1.4 Stored XSS # #Vendor: http://www.drbenhur.com # #Dork: "powered by DBHcms" # ############################################################################ #AUTHOR: ITSecTeam # #Email: Bug@ITSecTeam.com # #Website: http://www.itsecteam.com # #Forum : http://forum.ITSecTeam.com # #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability50.htm #Thanks: r3dm0v3 [r3dm0v3_at_ymail.com], Pejvak, am!rkh@n # ############################################################################ #DESCRIPTION (by vendor):################################################### The DBHcms is a small free Open Source content management system for personal and small business websites.` #Stored XSS POC:######################################################################## goto guestbook and post any script as name! #Non-persistent XSS POC:################################################################### goto search and query this string: "><script>alert(1)</script>
Related Exploits
Trying to match OSVDBs (1): 64267Trying to match setup file: 8921d925494889f7ad9ce3f21d7c3e87
Other Possible E-DB Search Terms: DBHcms 1.1.4, DBHcms
Date | D | V | Title | Author |
---|---|---|---|---|
2008-02-25 |
![]() |
DBHcms 1.1.4 - 'code' Remote File Inclusion | Iron | |
2009-12-26 |
![]() |
DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion | Gamoscu | |
2010-10-24 |
![]() |
DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection | ZonTa | |
2010-10-27 |
![]() |
DBHcms 1.1.4 - 'dbhcms_user/SearchString' SQL Injection | High-Tech B... |