exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SeoChecker 1.9.2 Cross Site Scripting

SeoChecker 1.9.2 Cross Site Scripting
Posted Jul 6, 2018
Authored by Ahmed Elhady Mohamed

SeoChecker Umbraco CMS plugin version 1.9.2 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 808f40f5ea5a3289e8468fc166c306508c3e44f814da48677928b6dae6a49d9a

SeoChecker 1.9.2 Cross Site Scripting

Change Mirror Download
######################
# Author Information #
######################
Author : Ahmed Elhady Mohamed
twitter : @Ahmed__ELhady
Date : 01/07/2018
########################
# Software Information #
########################
Affected Software : SeoChecker Umbraco CMS Plug-in
Version: version 1.9.2
Software website : https://soetemansoftware.nl/seo-checker

###############
# Description #
###############
SeoChecker Umbraco CMS Plug-in version 1.9.2 is vulnerable to stored cross-site scripting vulnerability in two parameters
which are SEO title and SEO description HTML parameters fields. A low privilege authenticated user who can edit the SEO tab
parameter value for any Ubmraco CMS content like an article will be able to inject a malicious code to execute arbitrary HTML
and JS code in a user's browser session in the context of an affected site. so when a high privilege user tries to access/edit
the article content. the JS code will be executed. The vulnerabilities are tested on 1.9.2 version and Other versions may also be affected.


#################
# Exlpoit Steps #
#################
1- Access the application with a low privilege authenticated user
2- Go to the SEO tab for any article
3-Enter the following payload in SEO title and SEO description HTML parameters fields parameters
"><script>alert(123)</script>
4- Access the article content page to edit and change contents value.
5- The JS code will be executed.
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close