a8cb58b3e5
5 changes to exploits/shellcodes PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated) Prestashop blockwishlist module 2.1.0 - SQLi Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS) ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS) ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
17 lines
No EOL
622 B
Text
17 lines
No EOL
622 B
Text
# Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
|
|
# Date: 02-08-2022
|
|
# Exploit Author: Shivam Singh
|
|
# Vendor Homepage: https://feehi.com/
|
|
# Software Link: https://github.com/liufee/cms
|
|
#Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/
|
|
# Version: 2.1.1 (REQUIRED)
|
|
# Tested on: Linux, Windows, Docker
|
|
# CVE : CVE-2022-34140
|
|
|
|
|
|
# Proof of Concept:
|
|
1-Sing-up https://localhost.cms.feehi/
|
|
2-Inject The XSS Payload in Username:
|
|
"><script>alert(document.cookie)</script> fill all required fields and
|
|
click the SignUp button
|
|
3-Login to Your Account, Go to any article page then XSS will trigger. |