| शीर्षक | Pluck CMS 4.7.4 Stored XSS |
|---|
| विवरण | From the admin interface select Pages -> Manage Images. Select any valid image and intercept the request after selecting Upload. The filename parameter isn’t properly sanitized a payload of filename="test.<img src=a onmouseover=alert(document.cookie)>" is enough to achieve stored XSS on that page.
Any user or admin visiting the "manage images" page is exploited by our stored XSS.
Hovering about the broken image give the alert as shown below. Coincidentally the following will work also filename="index.<body onload=alert(document.cookie)>". There was a way I was able to insert the image into the homepage and have XSS on there permanently also. I blew up that install and just started using your dev branch so not going to waste time trying to do that.
This function: preventXSS() in function.all.php only escapes backslashes and isn't robust enough.
Developer corrected issue and fixed - https://github.com/pluck-cms/pluck/issues/58 |
|---|
| स्रोत | ⚠️ https://github.com/pluck-cms |
|---|
| उपयोगकर्ता | s7acktrac3 (UID 865) |
|---|
| सबमिशन | 25/05/2018 01:18 PM (8 साल पहले) |
|---|
| संयम | 25/05/2018 05:31 PM (4 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 118202 [Pluck 4.7.4 Manage Images function.all.php preventXSS संग्रहीत क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 17 |
|---|