CVE-2021-39609
Description:
A Cross-Site Scripting (XSS SVG - Stored - PWNED PHPSESSID RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. When a malicious user tricks the administrator of the CMS system into uploading a malicious SVG file, the code in that file can then be executed from anywhere on the internet, and things will be worse than ever for the owner of this CMS system! ;)
@nu11secur1ty
PHPSESSID PWNED:
- Proof:
- [+] https://streamable.com/9aj8o6
XSS SVG - Stored:
- Proof:
- [+] https://streamable.com/p13hgj
Structure and tactic of the attack:
- FOR A LOT OF PEOPLE WHO DON'T REALLY UNDERSTAND THE PROBLEM!
- Trick the admin of the CMS system to upload the malicious SVG file.
- Execute your code remotely - RCE, example: https://targetdomain.com/flatCore-CMS-2.0.7/content/images/pic.svg
- Get PHPSESSID and exploit the victim :D ;)
- Good luck :D ;)
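A defensive check for the upload path described above, as an added example that is not part of the original advisory or of FlatCore-CMS: a Python scanner that flags active content in an SVG before it is stored, or while auditing files already under content/images. The function names and the sample bytes are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Elements that run script or pull foreign (HTML) content into an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
LINK_ATTRS = {"href", "src"}
BAD_SCHEMES = ("javascript:", "data:text/html")

def local(name):
    """Strip a namespace prefix (xlink:href -> href) and lowercase."""
    return name.rsplit(":", 1)[-1].lower()

def scan_svg(data: bytes) -> list:
    """Return a list of findings; an empty list means no active content was seen."""
    findings = []

    def on_doctype(*_):
        # DTDs allow entity tricks; image uploads have no need for them.
        findings.append("DOCTYPE declaration")

    def on_start(name, attrs):
        tag = local(name)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in attrs.items():
            key = local(attr)
            compact = "".join(value.split()).lower()  # defeat whitespace/case tricks
            if key.startswith("on"):
                findings.append(f"event handler {key} on <{tag}>")
            elif key in LINK_ATTRS and compact.startswith(BAD_SCHEMES):
                findings.append(f"scripted URL in {key} on <{tag}>")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")  # fail closed
    return findings

# Constructed samples, not files from the advisory.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
          b'<script>/* placeholder */</script></svg>')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("active", ACTIVE)):
        print(label, scan_svg(sample) or "no findings")
```

An upload handler would reject any file for which `scan_svg` returns a non-empty list.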
Discussion:
- [+] href