Composr CMS 10.0.34 – ‘banners’ Persistent Cross Site Scripting

• Exploit Database
• 34 阅读

• 作者： Parshwa Bhavsar
  日期： 2020-12-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49190/

• # Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
  # Date: 3-12-2020
  # Exploit Author: Parshwa Bhavsar
  # Vendor Homepage: https://compo.sr/
  # Software Link: https://compo.sr/download.htm
  # Version: 10.0.34
  # Tested on: Windows 10/ Kali Linux
  
  Steps To Reproduce :-
  
  1. Install the CMS from the download link & configure it.
  2. After configuration login with admin Credential .
  3. You will notice “Add banner” in the top of the browser.
  4. Click on it and Put XSS payload (any) in “Description” field.
  5. Save it & Click on Home.
  6. Every time any user visit the website , the XSS payload will trigger.