BlogMagz 1.0 - Stored XSS - CXSecurity.com

BlogMagz 1.0 - Stored XSS

2023.06.18

CraCkEr (LB)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Author : CraCkEr
Website : techrobot.in - https://www.codester.com/items/41338/
Vendor : Tech Robot
Software : BlogMagz CMS 1.0
Vuln Type: Stored XSS
Impact : Manipulate the content of the site
Release Notes:
The attacker can send to victim a link containing a malicious URL in an email or
instant message can perform a wide variety of actions, such as stealing the victim's
session token or login credentials
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Reflected XSS (RXSS)
Path: /search
GET Parameter 'q' is Vulnerable to Reflected XSS (RXSS)
https://website/search?q=[XSS]
## Stored XSS
---------------------------------------------------------
POST /blogmagz/ajax/article/add-comment HTTP/2
post_id=8&comment=[XSS Payload]
---------------------------------------------------------
## Steps to Reproduce:
1. Login in Any Normal User Mode
2. Comment On Any Post with Your [XSS Payload]
3. When Admin Visit the Admin Panel The XSS Will Fire On his Browser
4. When the Admin will Visit https://website/blogmagz/admin/pending-comments
5. The XSS Will Fire Again on his Browser
[-] Done
© CraCkEr 2023

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

BlogMagz 1.0 - Stored XSS

Dork: Copyright © 2023 BlogMagz All Rights Reserved.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.