Hi all,
Yet another bug found in the SilverStripe CMS. 🙂
DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent.
SilverStripe CMS persistent XSS vulnerabilities
Vendor: http://demo.silverstripe.org
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.wordpress.com
Google dork: Powered by the SilverStripe Open Source CMS
* Persistent XSS vulnerability
The page title module of this CMS is vulnerable to persistent XSS.
Exploit:
PoC: http://imageshack.us/photo/my-images/341/silverstripe.png/
Greets to side-effects and Taashu 🙂