LightCMS 1.3.4 – ‘exclusive’ Stored XSS

• Exploit Database
• 35 阅读

• 作者： Peithon
  日期： 2021-02-26
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49598/

• # Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS
  # Date: 25/02/2021
  # Exploit Author: Peithon
  # Vendor Homepage: https://github.com/eddy8/LightCMS
  # Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4
  # Version: 1.3.4
  # Tested on: latest version of Chrome, Firefox on Windows and Linux
  # CVE: CVE-2021-3355
  
  An issue was discovered in LightCMS v1.3.4.(https://github.com/eddy8/LightCMS/issues/18) There is a stored-self XSS, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords.
  
  --------------------------Proof of Concept-----------------------
  
  1. Log in to the background.
  
  2. Navigate to System -> `/admin/SensitiveWords/create` & add the below-shared payload as the exclusive field value. Payload - </span><img src=1 onerror=alert(1) /><span>
  
  3. Visit page `/admin/SensitiveWords`, the payload will be triggered.