MiniCMS 1.10 Cross Site Scripting

MiniCMS 1.10 Cross Site Scripting: Posted Dec 4, 2020; Authored by yudp; MiniCMS version 1.10 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 580397233fb61a4bef10a59c12712f1a1c36d9f40ccb8106594b5836e6026920; Download | Favorite | View

MiniCMS 1.10 Cross Site Scripting

# Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS
# Date: 2019-7-4
# Exploit Author: yudp
# Vendor Homepage: https://github.com/bg5sbk/MiniCMS
# Software Link:https://github.com/bg5sbk/MiniCMS
# Version: 1.10
# CVE :CVE-2019-13339

Payload：<script>alert("3: "+document.domain)</script> In /MiniCMS/mc-admin/page-edit.php

POC:

1. Go to the page-edit page and input the payload into the content box ,click save button 
2.Use burpsuite to edit the payload. Pay attention that the “+” needs to be url-encoded
3.After that, go to the page we have saved
4.Window will pop with the domain

Top Authors In Last 30 Days

Red Hat 175 files
Ubuntu 51 files
Debian 24 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

MiniCMS 1.10 Cross Site Scripting

MiniCMS 1.10 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

MiniCMS 1.10 Cross Site Scripting

Share This

MiniCMS 1.10 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems