EmpireCMS 7.5 - Cross-Site Scripting

By kannthu

High
Vidoc Module
#empirecms #xss
Description

What is "EmpireCMS 7.5 - Cross-Site Scripting"?

The "EmpireCMS 7.5 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in EmpireCMS version 7.5. EmpireCMS is a content management system that allows users to create and manage websites. This vulnerability has a high severity level, indicating that it can potentially lead to unauthorized access, data theft, or other malicious activities.

Impact

A successful exploitation of the cross-site scripting vulnerability in EmpireCMS 7.5 can allow an attacker to inject and execute malicious scripts on the affected website. This can lead to various consequences, including:

- Data theft: Attackers can steal sensitive user information, such as login credentials, personal data, or financial details.
- Session hijacking: By injecting malicious scripts, attackers can hijack user sessions and impersonate legitimate users.
- Defacement: Attackers can modify the appearance and content of the website, potentially damaging its reputation.
- Malware distribution: Exploiting the vulnerability can enable attackers to distribute malware to website visitors.

How does the module work?

The "EmpireCMS 7.5 - Cross-Site Scripting" module works by sending a specific HTTP request to the target website and analyzing the response. It looks for two matching conditions:

- Matching Condition 1: The response contains the string "onmousewheel=\"return bbimg(this)\"" which indicates the presence of a potential cross-site scripting vulnerability.
- Matching Condition 2: The response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability, allowing website administrators to take appropriate actions to mitigate the risk.

Example HTTP request sent by the module:

GET /e/ViewImg/index.html?url=javascript:alert(document.domain)

Note: This is a simplified example to demonstrate the concept. The actual module may include additional requests and matching conditions.
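A defender-side companion to the request above, added here as an example and not part of the Vidoc module: it scans web access logs for requests to the same path whose url parameter carries a scheme other than http or https. The combined log format, the scheme allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter taken from the example request on this page.
TARGET_PATH = "/e/ViewImg/index.html"
PARAM = "url"
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URLs are legitimate here

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A URI scheme, matched after whitespace and control characters are removed.
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")

def suspicious_value(value):
    """Return the scheme if the value carries one outside ALLOWED_SCHEMES, else None."""
    cleaned = re.sub(r"[\x00-\x20]", "", value).lower()
    m = SCHEME_RE.match(cleaned)
    if m and m.group(1) not in ALLOWED_SCHEMES:
        return m.group(1)
    return None

def scan(lines):
    """Return (line_number, scheme) pairs for requests to TARGET_PATH with a risky url value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if parts.path.lower() != TARGET_PATH.lower():
            continue
        for value in parse_qs(parts.query).get(PARAM, []):  # parse_qs percent-decodes
            scheme = suspicious_value(value)
            if scheme:
                hits.append((number, scheme))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /e/ViewImg/index.html?url=javascript:alert(document.domain) HTTP/1.1" 200 1830',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /e/ViewImg/index.html?url=https://example.com/a.jpg HTTP/1.1" 200 1830',
    '203.0.113.7 - - [10/Oct/2023:13:57:12 +0000] "GET /e/ViewImg/index.html?url=JavaScript%3Aalert(document.domain) HTTP/1.1" 200 1830',
    '198.51.100.9 - - [10/Oct/2023:13:58:40 +0000] "GET /e/ViewImg/index.html?url=/d/file/p/a.jpg HTTP/1.1" 200 1830',
]

if __name__ == "__main__":
    for number, scheme in scan(SAMPLE_LOG):
        print(f"line {number}: url parameter uses scheme {scheme!r}")
```

A hit means the request was logged, not that a script ran in a visitor's browser; treat it as a lead for review.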

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /e/ViewImg/index.htm...
Matching conditions
word: onmousewheel=\"return bbimg(this)\"
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability