POC详情: 52086b3dfc33d4ad96d7a84a2a328a9440b943f8

来源
https://github.com/sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options
关联漏洞
标题: Evolution CMS 跨站脚本漏洞 (CVE-2023-43340)
描述:Evolution CMS是一套基于PHP的开源内容管理系统(CMS)。 Evolution CMS v.3.2.3版本存在安全漏洞,该漏洞源于cmsadmin、cmsadminmail等多个参数存在跨站脚本(XSS)漏洞。
描述
Evolution CMS 3.2.3 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the installation/options process.
介绍
# Evolution CMS Reflected XSS v3.2.3

## Author: (Sergio)

**Description:** Multiple Cross-site scripting (XSS) reflected vulnerabilities in the evolution v.3.2.3 installation process Admin options allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters.

**Attack Vectors:** A vulnerability in the sanitization of the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters of the Database installation Admin options process allows JavaScript code to be injected.

---

### POC:


During the installation process we enter the XSS payload in the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters and when we click on next, we will obtain the XSS pop-up.

### XSS Payload:

```js
'"><svg/onload=alert('admin_name')>
```


In the following image you can see the embedded code that executes the payload in the installation process.

![XSS Payload Name](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/33343245-d79a-4a21-903a-a3f8a3d720eb)



![XSS Payload email](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/36fef73d-2192-4778-b28f-ac790801768c)



![XSS Payload password y password confirm](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/db8b8593-92c0-4836-a400-f7f693bc724d)



And the result will be reflected with the pop-up of the following evidence:

![XSS result Name](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/b8feecd9-4fcf-436d-a4ed-8fef58fa0cc3)



![XSS result emailpng](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/e6c0d2fb-9f0c-49c9-882d-e308ad286e57)



![XSS result password](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/88084157-9b67-46b9-9cca-d8e5887124b8)



![XSS result password confirm](https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options/assets/87250597/9f375374-a148-4f4b-9f31-3c7ac11bbeb4)



</br>

### Additional Information:

https://evo.im/
文件快照

 [4.0K]  /data/pocs/52086b3dfc33d4ad96d7a84a2a328a9440b943f8
└── [2.2K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。