header-logo
Suggest Exploit
vendor:
AWCM
by:
_84kur10_
7.5
CVSS
HIGH
Persistent Cross Site Scripting
79
CWE
Product Name: AWCM
Affected Version From: v2.2
Affected Version To: v2.2
Patch Exists: N/A
Related CWE: N/A
CPE: awcm
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

AWCM v2.2 final Persistent Cross Site Script

Register a new user, go to the main panel in http://[url]/awcm/member_cp.php, edit the avatar and put 'onmouseover='alert(document.cookie)'><!--. Each time the area of the avatar is hovered over, an alert will appear, allowing for the stealing of cookies.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: AWCM v2.2 final Persistent Cross Site Script
# Date: 13-02-2011
# Author:_84kur10_
# Software Link: www.awcm-cms.com
# Version: v2.2
# CVE :
# Contact: 84kur10[at]gmail.com
# Greetz to: SLG all Members, D4nb4r, Navi_terrible, J3h3s, C4br4

http://sourceforge.net/projects/awcm/files/

Register a new user, go to your main panel in
http://[url]/awcm/member_cp.php, edit your avatar and put:

" onmouseover="alert(document.cookie)"><!--

Each that hovered over the area of avatar, jump our alert. we could
make some adjustments to make stealing a cookies.

Navigation

Suggest Exploit

Services By CQR