Chevereto 3.17.1 – Cross Site Scripting (Stored)

• Exploit Database
• 12 阅读

• 作者： Akıner Kısa
  日期： 2021-05-12
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49859/

• # Exploit Title: Chevereto 3.17.1 - Cross Site Scripting (Stored)
  # Google Dork: "powered by chevereto"
  # Date: 19.04.2021
  # Exploit Author: Akıner Kısa
  # Vendor Homepage: https://chevereto.com/
  # Software Link: https://chevereto.com/releases
  # Version: 3.17.1
  # Tested on: Windows 10 / Xampp
  
  Proof of Concept:
  
  1. Press the Upload image button and upload any image.
  2. After uploading the image, press the pencil icon on the top right of the image and write "><svg/onload=alert(1)> instead of the title.
  3. Upload the picture and go to the picture address.