Textpattern CMS 4.9.0-dev – ‘Excerpt’ Persistent Cross-Site Scripting (XSS)

Exploit Database
81 阅读

作者： Tushar Vaidya

日期： 2021-03-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49617/

# Exploit Title:Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
# Date: 2021-03-04
# Exploit Author: Tushar Vaidya
# Vendor Homepage: https://textpattern.com
# Software Link: https://textpattern.com/start
# Version: v 4.9.0-dev
# Tested on: Windows

Steps-To-Reproduce:
1. Login into Textpattern CMS admin panel.
2. Now go to the *Content > Write > ** Excerpt*.
3. Now paste the below payload in the URL field.

Ba1man”><img src=x onerror=confirm(document.cookie)>

4. Now click on the *Save* button.
5. Now go to the *articles* page
5. The XSS will be triggered.

last Exploits
Textpattern CMS 4.9.0-dev – ‘Excerpt’ Persistent Cross-Site Scripting (XSS)的更多信息

PHP-Nuke 8.1 SEO Arabic – Remote File Inclusion：
DiamondList 0.1.6 – Cross-Site Request Forgery：
webid 1.0.4 – Multiple Vulnerabilities：
File Upload Manager 1.3 – Web Shell File Upload：
MyBB 1.8.13 – Remote Code Execution：
Cobub Razor 0.8.0 – SQL injection：
SyncBreeze 10.0.28 – ‘login’ Denial of Service (Poc)：
ClickGallery Server – SQL Injection：