Sunday 9 November 2014

X3 CMS XSS And CSRF "CVE-2014-8771, CVE-2014-8772"


Hello all friends, today I am disclosing the issue which I found in X3CMS (0.5.1 & 0.5.1.1).

So Here Is The X3 CMS XSS And CSRF



There were two vulnerabilities:

    1.) CSRF
    2.) Reflected XSS [POST]

There was an XSS in X3CMS (0.5.1 & 0.5.1.1) on the "search" parameter, which is only exploitable by an authenticated user (POST XSS),

Sunday 2 November 2014

Modx XSS And CSRF Bypass "CVE-2014-8773, CVE-2014-8774, CVE-2014-8775"


Modx XSS And CSRF Bypass


Hello all Bros :) ;), leets and learners, hope you all are well and enjoying your bounties as well ;)

Today we will see how I got the Modx XSS and CSRF bypass (Modx CSRF + XSS = A Perfect Disaster) ;)

Attacker Scenario Is Inspired From Symantec CSRF

So What Is Modx

MODX is the web content management system (CMS) that gives you complete control over your site and content, with the flexibility and scalability