Campsite CMS remote Persistent XSS vulnerability - exploit.company
Vendor: Campsite CMS
By: D4rk357
CVSS: 3.3 (LOW)
Persistent XSS
CWE: 79
Product Name: Campsite CMS
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

Campsite CMS remote Persistent XSS vulnerability

The vulnerability allows an attacker to inject scripts or markup into the website through Campsite CMS, where the injected content is stored and served to visitors. The attacker logs in as an admin and goes to the administration section, specifically the article editing option. In the heading or content field, the attacker can insert the following markup: <marquee><h1>XSS3d By D4rk357</h1><marquee>. A user can also submit a persistent XSS payload when submitting an article to the website, using the same method.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Campsite CMS to the latest version. Additionally, input validation and output encoding should be implemented to prevent the execution of malicious scripts.
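
The two mitigations named above, as an added example that is not code from the original advisory or from Campsite: the heading is treated as plain text and encoded on output, while the article body is passed through a tag allowlist that copies no attributes. The function names and the allowlist are assumptions chosen for illustration, and Python is used only to show the technique.

```python
import html
from html.parser import HTMLParser

# Hypothetical allowlist for article bodies; adjust to the markup editors need.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "h2", "h3"}
DROP_WITH_CONTENT = {"script", "style"}  # element and its text are removed


def render_heading(heading: str) -> str:
    """Headings are plain text: encode every metacharacter at output time."""
    return "<h1>" + html.escape(heading, quote=True) + "</h1>"


class _AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"<{tag}>")  # attributes (onclick, style) never copied

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=True))  # text is re-encoded


def sanitize_content(body: str) -> str:
    """Keep allowlisted tags without attributes; drop every other tag."""
    parser = _AllowlistSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    sample = "<marquee><h1>XSS3d By D4rk357</h1><marquee>"  # string from the advisory
    print(render_heading(sample))
    print(sanitize_content(sample))
```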

Exploit-DB raw data:

#################################################################
# Exploit Title: Campsite CMS remote Persistent XSS vulnerability
# Date: 15th July 2010
# Author: D4rk357
# Critical:Low
# Contact:bd4rk357[at]yahoo[dot]in
# Software Link: http://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18
# Greetz to:bb0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
# Shoutz to: http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
##############################################################################

Log in as Admin to the website.

Go to administration>Articles>Edit articles or any other option.

In heading or content type <marquee><h1>XSS3d By D4rk357</h1><marquee> .

On the other hand, a user using this CMS can upload a persistent XSS in this site while
submitting an article using the same method.

 ##################################################################################
 #D4rk357