CMSuno 1.7 – ‘tgo’ Stored Cross-Site Scripting (XSS) (Authenticated)

• Exploit Database
• 37 阅读

• 作者： splint3rsec
  日期： 2021-08-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50179/

• # Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)
  # Date: 03-08-2021
  # Exploit Author: splint3rsec
  # Vendor Homepage: https://github.com/boiteasite
  # Software Link: https://github.com/boiteasite/cmsuno
  # Affected Version(s): CMSuno 1.7 (and prior)
  # CVE : CVE-2021-36654
  
  CMSuno version 1.7 and prior is vulnerable to a stored cross-site scripting.
  
  The attacker must be authenticated to exploit the vulnerability.
  
  The payload injection is done while updating the template's image filename, vulnerable parameter is *tgo*
  
  Steps to reproduce:
  
  1. Go to /uno.php and click on *plugins*
  2. Click on *Logo*
  3. Choose a random picture in your files repo, click on save and intercept the request
  4. Edit the POST request to /uno/template/uno1/uno1.php by modifying the tgo parameter's value to ")}</style><script>VULN JS CODE HERE</script>
  5. Forward the request and click on *publish*
  6. Click on *See the website*
  7. XSS