JAK CONTENT MANAGEMENT SYSTEM PRO Persistent Cross-site Scripting



EKU-ID: 1101 CVE: OSVDB-ID:
Author: Sid3^effects aKa HaRi Published: 2011-10-09 Verified: Verified


#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0     _                   __           __       __                     1
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
#1                  \ \____/ >> Exploit database separated by exploit   0
#0                   \/___/          type (local, remote, DoS, etc.)    1
#1                                                                      1
#0  [+] Site            : 1337day.com                                   0
#1  [+] Support e-mail  : submit[at]1337day.com                         1
#0                                                                      0
#1               #############################################          1
#0                I'm Sid3^effects member from Inj3ct0r Team            1
#1               #############################################          0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Application: JAK CONTENT MANAGEMENT SYSTEM PRO Persistent Cross-site Scripting
Date: 26/9/2011
Vendor URL: http://www.jakcms.com
Google Dork: Powered by JAKCMS
Author: Sid3^effects aKa HaRi
Contact: shell_c99@yahoo.com
#Big hugs : Th3 RDX,Sugar
#special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,SeeMe,MaYur,MA1201,Sonic,gunslinger_,Sn!pEr.S!,cr1m1n4l
###############################################################################################################
Desc:
Our content management system PRO is made for professional websites of any kind. Content publishing, Forum, Blog, Events, Gallery, Tags, News, Newsletter, Search, Security and more - the PRO has it all. CMS PRO is the choice for people who are serious about creating thriving online
###############################################################################################################

Vulnerability: Persistent Cross-site Scripting.
Attackers can send crafted private messages (PM) to other users, and these messages can be used to infect users or steal information, for example by sending malicious code in an iframe.
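
As an added illustration of the server-side control that addresses stored markup in private messages (this is not code from the advisory, the vendor's patch or JAK CMS itself), the allowlist sanitizer below rebuilds a message body from a small set of formatting tags and drops iframe elements together with their content. The tag policy, the function and class names and the sample message are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed PM policy and a constructed sample message (neither is from JAK CMS).
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "a"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
SAFE_SCHEMES = {"http", "https", "mailto"}
SAMPLE_PM = 'Hi <b onclick="x()">Bob</b><iframe src="http://attacker.example/"></iframe>'


class MessageSanitizer(HTMLParser):
    """Rebuild a message from allowlisted tags; drop or escape the rest."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append("<" + tag + self._safe_attrs(tag, attrs) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append("</" + tag + ">")

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data))  # text is always re-encoded

    def _safe_attrs(self, tag, attrs):
        # Only an href with an allowlisted scheme on <a> survives;
        # event handlers and every other attribute are discarded.
        href = dict(attrs).get("href") if tag == "a" else None
        if href and urlsplit(href).scheme.lower() in SAFE_SCHEMES:
            return ' href="%s" rel="nofollow noopener"' % escape(href, quote=True)
        return ""


def sanitize_message(body):
    parser = MessageSanitizer()
    parser.feed(body)
    parser.close()  # flush any trailing text still buffered by the parser
    return "".join(parser.out)
```

Apply such a filter when the message is stored or rendered, and keep output encoding in the template as a second layer.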
###############################################################################################################

Fix:

http://www.jakcms.com/userfiles/1/security_fix_iframe_o_691878.zip

###############################################################################################################
Disclosure timeline:

22/09/2011 - Vulnerability discovered and reported to the vendor.
22/09/2011 - Vendor responded.
23/09/2011 - Patch released.
23/09/2011 - Public disclosure.

###############################################################################################################