Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

MiniCMS 1.10 Cross Site Scripting

Related Vulnerabilities: CVE-2019-13339  
Publish Date: 04 Dec 2020
Author: yudp
Source 
                # Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS
# Date: 2019-7-4
# Exploit Author: yudp
# Vendor Homepage: https://github.com/bg5sbk/MiniCMS
# Software Link:https://github.com/bg5sbk/MiniCMS
# Version: 1.10
# CVE :CVE-2019-13339

Payload:<script>alert("3: "+document.domain)</script> In /MiniCMS/mc-admin/page-edit.php

POC:

1. Go to the page-edit page and input the payload into the content box ,click save button 
2.Use burpsuite to edit the payload. Pay attention that the “+” needs to be url-encoded
3.After that, go to the page we have saved
4.Window will pop with the domain


<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started