Craft CMS 3.0.25 – CROSS-SITE SCRIPTING VULNERABILITY


Proof of Concept

The vulnerability allows Cross-Site Scripting to be run by saving a new title from the console tab.

CVE: CVE-2018-20418

 

What is XSS:

Reflected Cross-site Scripting (XSS) occurs when an attacker injects browser-executable code within a single HTTP response. The injected attack is not stored within the application itself; it is non-persistent and only impacts users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URL or HTTP parameters, improperly processed by the application, and returned to the victim.
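As an added example (not from the original post and not Craft CMS code), the JavaScript below puts the reflected pattern just described next to its output-encoded form and checks which tags end up in each response. The `title` parameter, the `cms.example` host and all function names are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not Craft CMS code.

// The five characters that can change parsing context in element
// content and in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function titleFromRequest(requestUrl) {
  return new URL(requestUrl).searchParams.get('title') ?? '';
}

// Vulnerable pattern: the request parameter is returned to the browser as-is.
function renderTitleUnsafe(requestUrl) {
  const title = titleFromRequest(requestUrl);
  return `<h1>${title}</h1><input name="title" value="${title}">`;
}

// Hardened pattern: the same template, with the value encoded at output time.
function renderTitleSafe(requestUrl) {
  const safe = escapeHtml(titleFromRequest(requestUrl));
  return `<h1>${safe}</h1><input name="title" value="${safe}">`;
}

// Lists the tag names a browser would see in a response body, so a test can
// assert that only the template's own tags are present.
function tagNames(html) {
  return [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed sample request carrying markup in the title parameter.
const sampleUrl =
  'https://cms.example/edit?title=' + encodeURIComponent('"><script>alert(1)</script>');

console.log('unsafe tags:', tagNames(renderTitleUnsafe(sampleUrl)).join(','));
console.log('safe tags:  ', tagNames(renderTitleSafe(sampleUrl)).join(','));
```

A regression test for a fix of this kind can assert that the response contains only the template's own tags, as `tagNames` does here.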

Proof of Concept Video

Screenshots

Source: https://github.com/rdincel1/Craft-CMS-3.0.25—Cross-Site-Scripting/
