Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
executable file 51 lines (29 sloc) 1.24 KB

app: https://github.com/sharpless/rincewind

Cross-site scripting (XSS) vulnerability because the parameter p=account of index.php and another file named commonPages.php can help xss the app in rincewind cms before 2011-2-20

0x001 first Setting up Test Environment

  • php
  • mysql
  • apache2
  • ubuntu

To install:

  1. Download the zip-file, or clone the repository
  2. Copy config-template.php to config.php
  3. Edit config.php to match your database settings
  4. Optional: add or remove links in the $meny-array
  5. Change WS_TITLE to whatever you like
  6. Create the database you want to use, if it doesn't exist
  7. Go to the ?p=install page on the site.

0x002 xss

choose Ja and Click Installera the database will be reset by default sql data of folder sql/*.php

mikael and hemligt

login the app use mikael and hemligt

Click your username ,here is mikael

change Namn: form to 1" autofocus onfocus=alert(1)// and press ENTER

you will always see this alert in the screen , just reset! :)