AeroCMS v0.0.1 - Stored Cross-Site Scripting (XSS)

2023.04.21
bd Rahad Chowdhury (BD) bd
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2023-29847
CWE: N/A

# Exploit Title: AeroCMS v0.0.1 - Stored Cross-Site Scripting (XSS) # Date: 2023-03-14 # Exploit Author: Rahad Chowdhury # Vendor Homepage: https://github.com/MegaTKC/AeroCMS # Software Link: https://github.com/MegaTKC/AeroCMS/archive/refs/tags/v0.0.1.zip # Version: 0.0.1 # Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 # CVE: CVE-2023-29847 Steps to Reproduce: 1. At first open any post. 2. then fill up comments section and your request data will be POST /AeroCMS/post.php?p_id=1 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 86 Origin: http://127.0.0.1 Cookie: PHPSESSID=qtj8dhp0jub18i2agkfm4bf5ea Connection: close comment_author=test&comment_email=test@test.com&comment_content=test&create_comment= 3. "comment_author" and "comment_content" parameters are vulnerable. Let's try to use any XSS payload in "comment_author" and "comment_content" parameters. 4. Now login admin panel and go to "Comments" Menu 5. You will see XSS pop up (If admin approve comment so XSS pop up execute in post section).

References:

https://github.com/MegaTKC/AeroCMS/issues/11


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top