Neoflex Movie Subscription Portal CMS v1.2 Stored XSS Injection

2019.04.23
QUIXSS (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[*] :: Title: Neoflex Movie Subscription Portal CMS v1.2 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-23
[*] :: Software: Neoflex Movie Subscription Portal CMS v1.2

[?] :: Technical Details & Description:
# Weak security measures, such as no filtering of input field data, have been discovered in the «Neoflex Movie Subscription Portal CMS». The current version of this web application is 1.2.

[?] :: Demo Website:
# https://codecanyon.net/item/neoflex-movie-subscription-portal-cms/22817707
# Frontend: http://creativeitem.com/demo/neoflex/index.php?browse/home
# Backend: http://creativeitem.com/demo/neoflex/index.php?home/signin/admin
# Login: user@example.com, Password: 1234

[!] :: PoC Payload:
# "><script>alert('QUIXSS')</script>
# http://creativeitem.com/demo/neoflex/index.php?general/privacypolicy
# http://creativeitem.com/demo/neoflex/index.php?general/refundpolicy

[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests: http://creativeitem.com/demo/neoflex/index.php?home/signin/admin (login / password is user@example.com / 1234). Then go to the settings page: http://creativeitem.com/demo/neoflex/index.php?admin/settings and save your payload in the «Website Name» input field. On the same page, the fields «Website privacy policy» and «Website refund policy» can be used for Stored XSS Injections too.
# Almost every input field is vulnerable to Stored XSS Injection.

References:

https://codecanyon.net/item/neoflex-movie-subscription-portal-cms/22817707
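
The fix for the missing output filtering described above, as an added example (not Neoflex's code, which the advisory does not show). It assumes the saved settings are echoed into a PHP template; the array keys and function names are hypothetical. The payload's leading `">` is the shape that closes a quoted attribute, so the value is encoded with ENT_QUOTES at output time.

```php
<?php
// Added example, not Neoflex code: array keys and function names are hypothetical.

// Constructed sample rows: the advisory's payload saved through the settings page.
$settings = [
    'website_name'   => "\"><script>alert('QUIXSS')</script>",
    'privacy_policy' => "We keep your e-mail.\n<script>alert('QUIXSS')</script>",
];

// Encode for HTML text and quoted-attribute contexts; ENT_QUOTES covers " and '.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored value concatenated into markup unencoded, so the
// leading "> ends the value attribute and the <script> element becomes live.
function name_field_unsafe(array $s): string
{
    return '<input name="website_name" value="' . $s['website_name'] . '">';
}

// Hardened: same markup, value encoded at output time.
function name_field_safe(array $s): string
{
    return '<input name="website_name" value="' . e($s['website_name']) . '">';
}

// Policy pages rendered as plain text with line breaks. If HTML formatting is
// required, run the stored value through an allow-list sanitizer instead;
// strip_tags() with allowed tags keeps attributes such as onclick and is not enough.
function policy_safe(array $s, string $key): string
{
    return '<div class="policy">' . nl2br(e($s[$key])) . '</div>';
}

foreach ([name_field_unsafe($settings), name_field_safe($settings),
          policy_safe($settings, 'privacy_policy')] as $html) {
    // A live "<script" in the output means the payload would execute.
    printf("%-5s %s\n", stripos($html, '<script') !== false ? 'LIVE' : 'inert', $html);
}
```

Encoding at output rather than at save time keeps the stored value intact and protects every template that reads it, including rows saved before the fix.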

