Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 51 lines (29 sloc) 1.24 KB

app: https://github.com/sharpless/rincewind

Cross-site scripting (XSS) vulnerability because the parameter p=account of index.php and another file named commonPages.php can help xss the app in rincewind cms before 2011-2-20

0x001 first Setting up Test Environment

  • php
  • mysql
  • apache2
  • ubuntu

To install:

  1. Download the zip-file, or clone the repository
  2. Copy config-template.php to config.php
  3. Edit config.php to match your database settings
  4. Optional: add or remove links in the $meny-array
  5. Change WS_TITLE to whatever you like
  6. Create the database you want to use, if it doesn't exist
  7. Go to the ?p=install page on the site.

0x002 xss

choose Ja and Click Installera the database will be reset by default sql data of folder sql/*.php

mikael and hemligt

login the app use mikael and hemligt

Click your username ,here is mikael

change Namn: form to 1" autofocus onfocus=alert(1)// and press ENTER

you will always see this alert in the screen , just reset! :)

You can’t perform that action at this time.