Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Frog CMS 0.9.5 Cross Site Scripting

Related Vulnerabilities: CVE-2018-10321  
Publish Date: 27 Apr 2018
Author: Wenming Jiang
Source 
                # Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings
# Date: 2018-04-23
# Exploit Author: Wenming Jiang
# Vendor Homepage: https://github.com/philippe/FrogCMS
# Software Link: https://github.com/philippe/FrogCMS
# Version: 0.9.5
# Tested on: php 5.6, apache2.2.29, macos 10.12.6
# CVE :CVE-2018-10321
 
 
Description:
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability when an attacker has access to Settings page, and enters the payload via "Admin Site title" in Settings.
 
 
Steps to replicate:
log into the system as an administrator role;
enter page: http://your_site/frogcms/admin/?/setting, and click Settings option;
navigate to "Admin Site title" section
enter payload as shown in below section:
Frog CMS1</a><img src=1 onerror="alert()" /><a>
visit http://your_site/frogcms/admin/?/login, you will triage JavaScript execution
 
 
 
Exploit Code:
Frog CMS1</a><img src=1 onerror="alert()" /><a>
 
 
Impacts:
Anyone who visit the target page will be affected to triage JavaScript code, including administrator, editor, developer, and guest.
 
 
Affected Version:
0.9.5
 
 
Affected URL:
http://your_site/frogcms/admin/?/login

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started