rahadchowdhury changed the title from "Stored XSS Vulnerability on Bludit v3.14.1" to "Stored XSS using SVG file Vulnerability on Bludit v3.14.1" on Apr 14, 2023
rahadchowdhury changed the title from "Stored XSS using SVG file Vulnerability on Bludit v3.14.1" to "Stored XSS via SVG file Vulnerability on Bludit v3.14.1" on Apr 14, 2023
Description:
I found a stored cross-site scripting (XSS) vulnerability in your Bludit - Flat-File CMS (v3.14.1) in the "Logo" field of the "General" settings. When I send malicious code using an SVG file, the browser then gives me the result.
CMS Version:
v3.14.1
Affected URL:
http://127.0.0.1/bludit/admin/settings
Steps to Reproduce:
POST /bludit/admin/ajax/logo-upload HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0
Content-Type: multipart/form-data; boundary=---------------------------15560729415644048492005010998
Referer: http://127.0.0.1/bludit/admin/settings
Cookie: BLUDITREMEMBERUSERNAME=admin; BLUDITREMEMBERTOKEN=139167a80807781336bc7484552bc985; BLUDIT-KEY=tmap19d0m813e8rqfft8rsl74i
Content-Length: 651
-----------------------------15560729415644048492005010998
Content-Disposition: form-data; name="tokenCSRF"
626c201693546f472cdfc11bed0938aab8c6e480
-----------------------------15560729415644048492005010998
Content-Disposition: form-data; name="inputFile"; filename="xss.svg"
Content-Type: image/svg+xml
-----------------------------15560729415644048492005010998--
Proof of Concept:
You can see the Proof of Concept: I've attached screenshots and a video to confirm the vulnerability.
poc.mp4
Impact:
Attackers can make use of this to conduct attacks such as phishing, session stealing, etc.
Let me know if any further info is required.
Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury/
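Added example, not part of the original report and not Bludit's own code: a conservative check that flags SVG files carrying active content, usable when auditing an uploads directory or as the logic behind an upload filter for a field like "Logo". It is written in Python rather than Bludit's PHP; the function names and the blocked-element list are assumptions made for this illustration, and input is assumed to be UTF-8.

```python
import re
import xml.etree.ElementTree as ET

# Assumed block list: SVG elements that can run or embed script-capable content.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
URL_ATTRS = {"href", "src"}  # matched on local name, so xlink:href is covered
DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)", re.IGNORECASE)


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes):
    """Return the reasons an uploaded SVG should be rejected (empty list = none found)."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return ["not UTF-8"]  # other encodings could hide markup from the byte checks
    if DTD_RE.search(data):
        # Refuse DTDs and entities up front instead of letting the parser expand them.
        return ["DOCTYPE or ENTITY declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            compact = re.sub(r"\s+", "", value).lower()  # undo whitespace splitting
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif "javascript:" in compact or (name in URL_ATTRS and compact.startswith("data:")):
                findings.append(f"script-capable URL in {name} on <{tag}>")
    return findings


if __name__ == "__main__":
    # Constructed sample: an empty <script> element is enough to trigger the check.
    sample = b'<svg xmlns="http://www.w3.org/2000/svg"><script></script></svg>'
    print(svg_findings(sample))
```

Rejecting on any finding is stricter than sanitising; serving uploads with a restrictive Content-Security-Policy or as a download remains a separate control.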