
13 changes to exploits/shellcodes/ghdb

TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection
Atlassian Confluence < 8.5.3 - Remote Code Execution
Backdrop CMS 1.23.0 - Stored XSS
Gibbon LMS < v26.0.00 - Authenticated RCE
Quick.CMS 6.7 - SQL Injection Login Bypass
TYPO3 11.5.24 - Path Traversal (Authenticated)
WEBIGniter v28.7.23 - Stored XSS
WordPress File Upload Plugin < 4.23.3 - Stored XSS
xbtitFM 4.1.18 - Multiple Vulnerabilities
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
# Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field
# Date: 2023-08-21
# Exploit Author: Sinem Şahin
# Vendor Homepage: https://backdropcms.org/
# Version: 1.23.0
# Tested on: Windows & XAMPP
==> Tutorial <==
1- Go to the following url. => http://(HOST)/backdrop/node/add/post
2- Write your xss payload in the body of the post. Formatting options should be RAW HTML to choose from.
3- Press "Save" button.
XSS Payload ==> "<script>alert("post_body")</script> |
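Review bot: Steps 1-3 of the tutorial never say which account role was used or where the script runs after "Save", so the impact of this stored XSS cannot be judged from the file alone. State the role of the test account and whether the RAW HTML formatting option is available to that role by default, name the page on which the payload fires and who views it, and replace "Tested on: Windows & XAMPP" with exact OS, PHP and browser versions. The payload line also opens with a double quote before <script> that is never closed; say whether it is required or drop it, and note that the URL in step 1 assumes an install under /backdrop/.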