app: https://github.com/sharpless/rincewind
Cross-site scripting (XSS) vulnerability because the parameter p=account of index.php and another file named commonPages.php can help xss the app in rincewind cms before 2011-2-20
0x001 first Setting up Test Environment
- php
- mysql
- apache2
- ubuntu
To install:
- Download the zip-file, or clone the repository
- Copy config-template.php to config.php
- Edit config.php to match your database settings
- Optional: add or remove links in the $meny-array
- Change WS_TITLE to whatever you like
- Create the database you want to use, if it doesn't exist
- Go to the ?p=install page on the site.
0x002 xss
choose Ja and Click Installera the database will be reset by default sql data of folder sql/*.php
mikael and hemligt
login the app use mikael and hemligt
Click your username ,here is mikael
change Namn: form to 1" autofocus onfocus=alert(1)// and press ENTER
you will always see this alert in the screen , just reset! :)






