BlackCat CMS 1.3.6 XSS漏洞

From PwnWiki
Revision as of 18:05, 21 April 2021 by Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 04/07/2021 # Exploit Author: Ömer Hasan Durmuş # Vendor Homepage: ht...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

EXP

# Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 04/07/2021
# Exploit Author: Ömer Hasan Durmuş
# Vendor Homepage: https://blackcat-cms.org/
# Software Link: https://blackcat-cms.org/page/download.php
# Version: BlackCat CMS - 1.3.6

Step 1 : Login to admin account in http://TARGET/backend/start/index.php
Step 2 : Then click on the "Addons"
Step 3 : Click on "Create new"
Step 4 : Input "<script>alert(1)</script>" in the field "Module / language name"
Step 5 : Update or visit new page.

Step 1 : Login to admin account in http://TARGET/backend/start/index.php
Step 2 : Then click on the "Access"
Step 3 : Click on "Manage groups"
Step 4 : Input "<script>alert(1)</script>" in the field "Group name" and click "Add group"
Step 5 : Update or visit new page.
Retrieved from "https://pwnwiki.com/index.php?title=BlackCat_CMS_1.3.6_XSS漏洞&oldid=1846"