Atlas Business Directory Listing v1.0 Stored XSS Injection

2019.06.12
ru m0ze (RU) ru
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*! * ::- Title: Atlas Business Directory Listing v1.0 Stored XSS Injection * ::- Author: m0ze * ::- Date: 2019/06/11 * ::- Software: Atlas Business Directory Listing v1.0 */ ::- Details & Description -:: ~ Weak security measures like no input fields data filtering has been discovered in the Ā«Atlas Business Directory ListingĀ». Current version of this web-application is 1.0. ::- Demo Website -:: ~ https://codecanyon.net/item/atlas-business-directory-listing/23830254 ~ Frontend: http://creativeitem.com/demo/atlas/ ~ Backend: http://creativeitem.com/demo/atlas/home/login ~ Login / Password (admin): admin@example.com / 1234 ~ Login / Password (customer): user@example.com / 1234 ::- Special Note -:: ~ No PoC links because demo website recovers really quickly. ::- Google Dork -:: ~ - ::- PoC Links -:: ~ - ::- PoC [Stored XSS Injection] -:: ~ Go to the demo website http://creativeitem.com/demo/atlas/home/login and log in with provided credentials (doesn't matter admin or customer cuz both users have an access to create or modify data). Choose any page/section and edit the existed items or create a new one and inject your payload inside any input field or textarea. There is no filters or WAF datected so feel free to do what u need. ~ Example #1: <img src=x onerror=alert(document.domain)> ~ Example #2: <img src=x onerror=alert('m0ze');window.location='//m0ze.ru/'>

References:

https://codecanyon.net/item/atlas-business-directory-listing/23830254


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top