BlackCat CMS 1.3.6 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

  • Author: Ömer Hasan Durmuş
    Date: 2021-04-21
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49779/
  • # Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
    # Date: 04/07/2021
    # Exploit Author: Ömer Hasan Durmuş
    # Vendor Homepage: https://blackcat-cms.org/
    # Software Link: https://blackcat-cms.org/page/download.php
    # Version: BlackCat CMS - 1.3.6
    
    Step 1 : Log in to the admin account at http://TARGET/backend/start/index.php
    Step 2 : Then click on "Addons"
    Step 3 : Click on "Create new"
    Step 4 : Input "<script>alert(1)</script>" in the field "Module / language name"
    Step 5 : Update or visit new page.
    
    Step 1 : Log in to the admin account at http://TARGET/backend/start/index.php
    Step 2 : Then click on "Access"
    Step 3 : Click on "Manage groups"
    Step 4 : Input "<script>alert(1)</script>" in the field "Group name" and click "Add group"
    Step 5 : Update or visit new page.
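
Both procedures above store markup in a name field that is later written into a backend page without encoding. The following is an added example, not code from BlackCat CMS or from the advisory's author; it shows that rendering pattern beside an encoded form and an input allow-list. The function names, the table-cell markup and the name policy are assumptions made for illustration.

```php
<?php
// Added illustration; not BlackCat CMS source. All function names are hypothetical.

// Constructed sample: the value the advisory enters in "Group name"
// (the same applies to "Module / language name").
$storedName = '<script>alert(1)</script>';

// Vulnerable pattern: the stored value is concatenated into HTML as-is,
// so the browser parses it as markup when the page is rendered.
function renderNameCellUnsafe(string $name): string
{
    return '<td class="name">' . $name . '</td>';
}

// Hardened output: encode for the HTML context on every render, including
// values already in the database from before the fix.
function renderNameCellSafe(string $name): string
{
    return '<td class="name">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</td>';
}

// Defence in depth at input time. Assumed policy: letters, digits, space,
// underscore and hyphen, 1 to 64 characters. This does not replace encoding.
function isValidName(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $name) === 1;
}

// Show both renderings and the validation result for the sample values.
echo renderNameCellUnsafe($storedName), PHP_EOL;
echo renderNameCellSafe($storedName), PHP_EOL;
var_dump(isValidName($storedName));
var_dump(isValidName('Editors'));
```

Encoding at output is the control that addresses the stored values; the allow-list only limits what new records can contain.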