Related vulnerability
Description
RiteCMS 3.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload to the Global Content Blocks in the Administration Menu.
Introduction
# Rite CMS v3.0 Multiple Stored XSS
## Author: (Sergio)
**Description:** Rite CMS 3.0 is affected by a stored Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the Global Content Blocks in the Administration Menu.
**Attack Vectors:** AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
---
### POC:
After logging into the panel, we go to "Administration - Global Content Blocks - Home".
We edit the body configuration, where we add the XSS payloads.

### XSS Payload:
```js
'"><svg/onload=alert('document.domain')>
```
When we save it, we will see that the XSS pop-up appears.
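
A defensive check for this issue, added here as an example and not part of the original README or of RiteCMS: a Python audit that flags stored block bodies carrying event-handler attributes or script-capable elements, and shows that HTML-encoding the PoC string leaves nothing executable. The `BLOCKS` rows, the function names and the `ACTIVE_TAGS` list are constructed assumptions; how RiteCMS stores and renders blocks is not described on this page.

```python
from html import escape
from html.parser import HTMLParser

# Elements that execute or load active content (constructed, non-exhaustive list).
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Collects elements and attributes that would run script when rendered."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):  # onload, onerror, onclick, ...
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_block(body):
    """Return the active-content findings for one stored block body."""
    finder = ActiveContentFinder()
    finder.feed(body)
    finder.close()
    return finder.findings


def render_escaped(body):
    """Render a block as plain text: quotes and angle brackets become entities."""
    return escape(body, quote=True)


# Constructed sample rows standing in for stored Global Content Blocks.
BLOCKS = {
    "home": "'\"><svg/onload=alert('document.domain')>",  # payload string from the PoC above
    "footer": "<p>Contact <a href=\"/about\">us</a></p>",  # benign markup
}

if __name__ == "__main__":
    for name, body in BLOCKS.items():
        print(name, audit_block(body) or "clean")
    print(render_escaped(BLOCKS["home"]))
```

Encoding on output only suits blocks meant to hold plain text; blocks that must keep markup need an allowlist-based HTML sanitizer instead.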

File snapshot
[4.0K] /data/pocs/46aaa9e86ebf8c9648aa4738d630f5216407bfa6
└── [ 939] README.md
0 directories, 1 file