8a32e340d5
8 changes to exploits/shellcodes/ghdb Sitefinity 15.0 - Cross-Site Scripting (XSS) appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated) CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated) Dotclear 2.29 - Remote Code Execution (RCE) Monstra CMS 3.0.4 - Remote Code Execution (RCE) Serendipity 2.5.0 - Remote Code Execution (RCE) WBCE CMS v1.6.2 - Remote Code Execution (RCE)
23 lines
No EOL
890 B
Text
23 lines
No EOL
890 B
Text
# Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS)
|
|
# Date: 2023-12-05
|
|
# Exploit Author: Aldi Saputra Wahyudi
|
|
# Vendor Homepage: https://www.progress.com/sitefinity-cms
|
|
# Version: < 15.0.0
|
|
# Tested on: Windows/Linux
|
|
# CVE : CVE-2023-27636
|
|
|
|
# Description: In the backend of the Sitefinity CMS, a Cross-site scripting vulnerability has been discovered in all features that use SF-Editor
|
|
|
|
# Steps To Reproduce:
|
|
|
|
Attacker as lower privilege
|
|
Victim as Higher privilege
|
|
|
|
1. Login as an Attacker
|
|
2. Go to the function using the SF Editor, go to the news page as example
|
|
3. Create or Edit news item
|
|
4. On the content form, insert the XSS payload as HTML
|
|
5. After the payload is inserted, click on the content form (just click) and publish or save
|
|
6. If the victim visits the page with XSS payload, XSS will be triggered
|
|
|
|
Payload: <noalert><iframe src="javascript:alert(document.domain);"> |