eSolve CMS Cross Site Scripting

All websites using eSolve – CMS is vulnerable to the XSS attack.

Please contact your web developer to resolve this asap.

We have not determined what other vulnerabilities exist in this application as of yet and will be doing testing soon and report back.

Sincerely.
Gerhard

Like  ·

Profile picture of Gerhard De Villiers-Mohr

Sep 27, 2017

Check you websites for Cross Site Scripting
Exploit Title : eSolve CMS Cross Site Scripting

Iranian hacker groups Ashiyane Digital Security Team

Hacked by Mohammads

The below link shows South African websites defaced by these hackers.
https://cxsecurity.com/issue/WLB-2016020049

Using a google dork: inurl:”getmodule.php?id=”
Then using the following: .php&msg=”

Another list of websites defaced by this group internationally.
http://www.zone-h.org/archive/notifier=Ashiyane%20Digital%20Security%20Team

One of the most well-known Iranian hacker groups Ashiyane Digital Security Team (aka Ashiyane Security Group) are well-known for high profile attacks against Mossad and FBI websites, among others. Even Iran’s ally, China, isn’t exempt from these attacks. The very same week that I published “Stuxnet’s Finnish – Chinese Connection”, members of the Ashiyane crew were attacking Chinese government websites and posting their defacement at Zone-h.org. Whether it was a direct result of my article or a bizarre coincidence isn’t clear.

Full article below:

Leave a reply