SilverStripe CMS persistent XSS vulnerabilities

By | January 28, 2012

Hi all,

Yet another bug found in the SilverStripe CMS. 🙂
DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent.
SilverStripe CMS persistent XSS vulnerabilities
vendor: http://demo.silverstripe.org
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.wordpress.com
Google dork: Powered by the SilverStripe Open Source CMS

* Persistent XSS vulnerability

The page title module of this CMS is vulnerable to persistent XSS.

Exploit:

PoC: http://imageshack.us/photo/my-images/341/silverstripe.png/

Greets to side-effects and Taashu 🙂
