33 lines
No EOL
1.1 KiB
Text
33 lines
No EOL
1.1 KiB
Text
# Exploit Title: KirbyCMS <2.5.7 Stored Cross Site Scripting
|
|
# Vendor Homepage: https://getkirby.com/
|
|
# Software Link: https://getkirby.com/try
|
|
# Discovered by: Ishaq Mohammed
|
|
# Contact: https://twitter.com/security_prince
|
|
# Website: https://about.me/security-prince
|
|
# Category: webapps
|
|
# Platform: PHP
|
|
# CVE: CVE-2017-16807
|
|
|
|
1. Description
|
|
|
|
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
|
|
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16807
|
|
|
|
2. Proof of Concept
|
|
|
|
Steps to Reproduce:
|
|
Log in as an Editor and click on Site Options
|
|
Add the malicious .svg file which contains the javascript to the Site
|
|
Login to another browser with Admin Credentials.
|
|
Click on Site Options.
|
|
Click on the newly added .svg file
|
|
|
|
3. Reference
|
|
|
|
https://securityprince.blogspot.in/2017/11/cve-2017-16807-kirby-cms-257-cross-site.html
|
|
https://getkirby.com/changelog/kirby-2-5-7
|
|
|
|
4. Solution
|
|
|
|
The vulnerability is patched by the vendor in the version 2.5.7. |