Dijitals CMS suffers from cross site scripting vulnerabilities.
981d0da6b7038d7b129309c5037ffbdb6440a403e72829878214d3f1a3a327f4# Exploit Title: Dijitals CMS XSS Vulnerabilities
# Date: 10.06.2010
# Author: Valentin
# Category: webapps/0day
# Version: latest version
# Tested on:
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Dijitals CMS XSS Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Dijitals CMS
Vendor = Dijitals
Vendor Website = http://www.dijitals.com/
Affected Version(s) = latest version
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> XSS
All input fields are vulnerable, e.g. search boxes and forms. The login box
of the admin panel is also exposed to XSS attacks.
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 10.06.2010
Several filters try to avoid XSS, SQL injection and local + remote file inclusions.
The XSS filters can be tricked by e.g. using String.fromCharCode.
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = hack0wn, JosS
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed