[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Concrete5 8.5.4 Cross Site Scripting Vulnerability

Author
nu11secur1ty
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-35888
Category
web applications
Date add
02-03-2021
CVE
CVE-2021-3111
Platform
php
# Exploit Title: Cross site scripting(XSS)
# Author: nu11secur1ty
# Vendor: https://www.concrete5.org/download
# Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111
# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111


[Exploit]
# Place
- Navigate to entries directory
concrete5-8.5.4/index.php/dashboard/express/entries/

# PoC
- Copy and paste the int_string in to Handle field
nu11secur1ty0000000111111100101010100100100100101010101

- fill in the remaining fields and save

#  0day.today [2024-11-16]  #