提出 #173865: ThinuCMS 1.5 - Reflected XSS - Stored XSS情報

タイトルThinuCMS 1.5 - Reflected XSS - Stored XSS
説明Author : skalvin aka (CraCkEr) Date : 25/06/2023 Website : https://www.codester.com/items/40401/ Vendor : Thinu Tech Software : Thinu-CMS Blog System 1.5 Vuln Type: Reflected XSS - Stored XSS Impact : Manipulate the content of the site Release Notes: Reflected XSS The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials Stored XSS Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. Path: /author_posts.php GET 'author' parameter is vulnerable to RXSS http://website/author_posts.php?author=g6g12<script>alert(1)</script>o8sdm&p_id=195 ## Stored XSS ----------------------------------------------- POST /contact.php HTTP/1.1 name=[XSS Payload]&[email protected]&subject=AnySubject&body=[XSS Payload]&submit=Submit+ ----------------------------------------------- POST parameter 'name' is vulnerable to XSS POST parameter 'body' is vulnerable to XSS ## Steps to Reproduce: ################################################################################################# 1. Visit [Contact US] Page on this Path (http://website/contact.php) 2. Inject your [XSS Payload] in "User" 3. Inject your [XSS Payload] in "Message Box" 4. Press Submit 8. When ADMIN check [Contacts] in Administration Panel on this Path (https://website/admin/contacts.php) 9. XSS Will Fire and Executed on his Browser [-] Done
ユーザー
 skalvin (UID 49463)
送信2023年06月25日 13:21 (3 年 ago)
モデレーション2023年07月07日 14:08 (12 days later)
ステータス承諾済み
VulDBエントリ233294 [ThinuTech ThinuCMS 1.5 /contact.php name/body クロスサイトスクリプティング]
ポイント17

Do you need the next level of professionalism?

Upgrade your account now!