MiniCMS 1.10 Cross Site Scripting

MiniCMS 1.10 Cross Site Scripting: Posted Dec 4, 2020; Authored by yudp; MiniCMS version 1.10 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 580397233fb61a4bef10a59c12712f1a1c36d9f40ccb8106594b5836e6026920; Download | Favorite | View

MiniCMS 1.10 Cross Site Scripting

# Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS
# Date: 2019-7-4
# Exploit Author: yudp
# Vendor Homepage: https://github.com/bg5sbk/MiniCMS
# Software Link:https://github.com/bg5sbk/MiniCMS
# Version: 1.10
# CVE :CVE-2019-13339

Payload：<script>alert("3: "+document.domain)</script> In /MiniCMS/mc-admin/page-edit.php

POC:

1. Go to the page-edit page and input the payload into the content box ,click save button 
2.Use burpsuite to edit the payload. Pay attention that the “+” needs to be url-encoded
3.After that, go to the page we have saved
4.Window will pop with the domain

Top Authors In Last 30 Days

Red Hat 383 files
Ubuntu 90 files
Debian 27 files
Gentoo 18 files
tmrswrr 12 files
Ph0s 5 files
R0ckE7 5 files
Google Security Research 4 files
Rahad Chowdhury 4 files
Chizuru Toyama 3 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,911)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,839)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,618)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,135)
UNIX (9,339)
UnixWare (187)
Windows (6,606)
Other

MiniCMS 1.10 Cross Site Scripting

MiniCMS 1.10 Cross Site Scripting

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

MiniCMS 1.10 Cross Site Scripting

Share This

MiniCMS 1.10 Cross Site Scripting

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems