Atlas Business Directory Listing v1.0 Stored XSS Injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1632316 漏洞类型
发布时间 2019-06-12 更新时间 2019-06-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060063
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*!
* ::- Title: Atlas Business Directory Listing v1.0 Stored XSS Injection
* ::- Author: m0ze
* ::- Date: 2019/06/11
* ::- Software: Atlas Business Directory Listing v1.0
*/
  
::- Details & Description -::
~ Weak security measures like no input fields data filtering has been discovered in the «Atlas Business Directory Listing». Current version of this web-application is 1.0.

::- Demo Website -::
~ https://codecanyon.net/item/atlas-business-directory-listing/23830254
~ Frontend: http://creativeitem.com/demo/atlas/
~ Backend: http://creativeitem.com/demo/atlas/home/login
~ Login / Password (admin): admin@example.com / 1234
~ Login / Password (customer): user@example.com / 1234

::- Special Note -::
~ No PoC links because demo website recovers really quickly.

::- Google Dork -::
~ -

::- PoC Links -::
~ -

::- PoC [Stored XSS Injection] -::
~ Go to the demo website http://creativeitem.com/demo/atlas/home/login and log in with provided credentials (doesn't matter admin or customer cuz both users have an access to create or modify data). Choose any page/section and edit the existed items or create a new one and inject your payload inside any input field or textarea. There is no filters or WAF datected so feel free to do what u need.
~ Example #1: <img src=x onerror=alert(document.domain)>
~ Example #2: <img src=x onerror=alert('m0ze');window.location='//m0ze.ru/'>