Twenty Year Anniversary

October CMS Cross Site Scripting

October CMS Cross Site Scripting
Posted Feb 19, 2018
Authored by Samrat Das

October CMS versions prior to 1.0.431 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-7198
MD5 | 62a133dfd92114f27534b043978277bf

October CMS Cross Site Scripting

Change Mirror Download
# Exploit Title: October CMS Stored Code Injection
# Date: 16-02-2018
# Exploit Author: Samrat Das
# Contact: http://twitter.com/Samrat_Das93
# Website: https://securitywarrior9.blogspot.in/
# Vendor Homepage: *https://octobercms.com/ <https://octobercms.com/>*
# Version: All versions till date from 1.0.431
# CVE : CVE- 2018-7198
# Category: WebApp CMS

1. Description

The application source code is coded in a way which allows malicious
crafted HTML commands to be executed without input validation

2. Proof of Concept

1. Visit the application
2. Visit the Add posts page
3. Goto edit function, add any html based payload and its gets stored and executed subsequently.

Proof of Concept

Steps to Reproduce:

1. Create any HTML based payload such as:

Username:<input type=text> <br>
Password: <input type=text> <br>
<button type="button">Login</button>

2. This hosted page with form action implemented upon clicked by user will lead to exfiltration of credentials apart from performing a host of other actions such as stored xss and another similiar attacks.



3. Solution:

Implement through input validation to reject unsafe html input.


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    1 Files
  • 22
    Jul 22nd
    1 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close