Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Bludit Authenticated Stored Cross-Site Scripting(XSS)

Description

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Bludit CMS does not filter the content correctly at the "new content" module, resulting in the generation of stored XSS.

Affects CMS

Bludit CMS v3.13.1

https://www.bludit.com/

Author

webraybtl@webray.com.cn inc

Proof of Concept

  1. Login the CMS.

  2. Open Page http://127.0.0.1:8086/admin/new-content

  3. Put XSS payload (<script>alert(1)</script>) in the content box and click on save to publish the page

    image

  4. Use "burp" to capture and change packages

    image

    image

  5. Viewing the successfully published page,We can see the alert.

    image

    image