[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

b2evolution 6.11.6 - (plugin name) Stored XSS Vulnerability

Author
Soham Bakore
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-35812
Category
web applications
Date add
10-02-2021
Platform
php
# Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22841


--------------------------Proof of Concept-----------------------

1. Login with an account having high privileges  
2. Navigate to System -> Plugins and select any plugin
3. Change the plugin name and enter the following payload  "><svg/onload=alert(123)> in the name parameter
4. Payload gets stored in the database
5. The payload gets executed after the victim checks the plugin page.
6. This vulnerability needs high privilege and can affect other users with similar privileges

#  0day.today [2024-12-25]  #