Subrion CMS 4.2.1 – Cross-Site Scripting

• Exploit Database
• 16 阅读

• 作者： Zeel Chavda
  日期： 2018-08-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45150/

• # Exploit Title: [Subrion CMS- 4.2.1 XSS (Using component with known
  Vulnerability)]
  # Date: [02-08-2018]
  # Exploit Author: [Zeel Chavda]
  # Vendor Homepage: [https://subrion.org/]
  # Software Link: [https://subrion.org/download/]
  # Version: [4.2.1] (REQUIRED)
  # Tested on: [Windows,FireFox]
  # CVE : [CVE-2018-14840]
  
  Steps: -
  
  1. Create a file with XSS payload.
  2. Save it with .html extension.
  3. Upload via CKEditor manager and execute "file.html".
  
  Reference: -
  https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47