Home Tools Exploits & CVE's MiniCMS 1.10 Cross Site Scripting

MiniCMS 1.10 Cross Site Scripting

December 6, 2020

872

Authored by yudp

MiniCMS version 1.10 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS
# Date: 2019-7-4
# Exploit Author: yudp
# Vendor Homepage: https://github.com/bg5sbk/MiniCMS
# Software Link:https://github.com/bg5sbk/MiniCMS
# Version: 1.10
# CVE :CVE-2019-13339

Payload：<script>alert("3: "+document.domain)</script> In /MiniCMS/mc-admin/page-edit.php

POC:

1. Go to the page-edit page and input the payload into the content box ,click save button 
2.Use burpsuite to edit the payload. Pay attention that the “+” needs to be url-encoded
3.After that, go to the page we have saved
4.Window will pop with the domain

MiniCMS 1.10 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Ex-FSB officer sentenced to 9 years in prison for helping Russian...

Phishing-as-a-service platform LabHost shut down in global operation

NATO to launch new cyber center to contest cyberspace ‘at all...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Email-Worm.Win32.Deltad Insecure Permissions

SnipCommand 0.1.0 Cross Site Scripting / Code Execution

Multi Store Inventory Management System 1.0 Account Takeover