漏洞概要

漏洞标题:
iScripts Easycreate 3.2.1 – Stored Cross-Site Scripting

提交时间:
2018-04-10

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 10 人关注

漏洞详情

EDB-ID: 44436 Author: ManhNho Published: 2018-04-10
CVE: <a href="javascript:void(0);" data-trigger="focus" data-toggle="popover" data-placement="top" data-content='CVE-2018-9236CVE-2018-9237‘>
CVE-2018-9236…
Type: Webapps Platform: PHP

E-DB Verified:
<a href="javascript:void(0);" data-trigger="focus" data-toggle="popover" data-placement="top" data-content='We make an effort to verify exploits (verifty) in our labs, when possible. A “non verified” exploit (marked by a clock icon clock) simply means we did not have the opportunity to test the exploit internally.’>
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
# Exploit Title:  iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
# Date: 02/04/2018
# Exploit Author: ManhNho
# Vendor Homepage: https://www.iscripts.com
# Demo Page: https://www.demo.iscripts.com/easycreate/demo/
# Version: 3.2.1
# Tested on: Windows 10
# Category: Webapps
# CVE: CVE-2018-9236
# CVE: CVE-2018-9237

1. Description
====================
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" and "Site Title" fields.

2. PoC
====================
1. from "user section", access to "dashboard" and select "Created from saved items" with edit option
2. In "edit site" action,  Inject "><script>alert('2')</script> to "Site Description" field
3. Save and change!! refresh and we have alert pop up!

3. PoC
====================
1. from "user section", access to "dashboard" and select "Created from saved items" with edit option
2. In "edit site" action, Inject </title>"><script>alert('1')</script> to "Site title" field
3. Save and change! refresh and we have alert pop up!

4. References
====================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9236

发表评论

电子邮件地址不会被公开。 必填项已用*标注