PoC details: d6f5639405549942a5aabd1970c93b6ebd683db3

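Source
Related vulnerability
Title: Backdrop CMS cross-site scripting vulnerability (CVE-2022-42095)
Description: Backdrop CMS is an open-source content management system (CMS). Backdrop CMS version 1.23.0 contains a security vulnerability: a stored cross-site scripting (XSS) flaw reachable via the Page content.
Description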
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
Introduction
# Backdrop CMS version 1.23.0

### Vulnerability Explanation:
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the `Page` content.

### Attack Vectors:
The attacker must create a "Page" content item, insert the XSS payload into the "Body" input, and select the Raw HTML editor in order to exploit the stored XSS. The XSS payload executes immediately after the page is saved.

### Affected: 
- http://ip_address//backdrop/node/add/page

- POST /backdrop/node/add/page

### Payload:
- `<img src=x onerror=confirm('Grim-The-Ripper-Team-by-SOSECURE-Thailand')>`

### Tested on: 
1. Backdrop CMS version 1.23.0 (https://github.com/backdrop/backdrop/releases/tag/1.23.0)

2. Firefox version 105

### Steps to attack:
1. Enter your username and password; the account must have admin privileges
2. Select Content > add content > Page
3. Enter information into the form provided.
4. Enter the XSS payload in the Body field.
5. Choose "Raw HTML" Editor and Save.
6. The XSS payload will run immediately.
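
An added example, not part of the original README: a defender-side audit that scans stored page bodies for the kind of active content this payload relies on (an inline `on*` event handler), as well as script-capable elements and `javascript:` URLs. It assumes the Body values have already been exported as a node id to HTML mapping; `ActiveContentFinder`, `audit_bodies` and the sample data are hypothetical names constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that execute or embed active content on their own.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL and can carry a javascript: scheme.
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects (tag, attribute, reason) findings from one stored body."""

    def __init__(self):
        # convert_charrefs=True decodes entities in attribute values first.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before this call.
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, None, "active element"))
        for name, value in attrs:
            url = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append((tag, name, "inline event handler"))
            elif name in URL_ATTRS and url.startswith("javascript:"):
                self.findings.append((tag, name, "javascript: URL"))


def audit_bodies(bodies):
    """Map node id -> findings for every body that contains active content."""
    report = {}
    for node_id, body in bodies.items():
        finder = ActiveContentFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            report[node_id] = finder.findings
    return report


# Constructed sample data: node ids and bodies are made up, except node 2,
# which holds the payload quoted on this page.
SAMPLE_BODIES = {
    1: "<p>Welcome to <a href='/about'>our site</a>.</p>",
    2: "<img src=x onerror=confirm('Grim-The-Ripper-Team-by-SOSECURE-Thailand')>",
    3: '<a href="javascript:void(0)">menu</a>',
}

if __name__ == "__main__":
    for node_id, findings in audit_bodies(SAMPLE_BODIES).items():
        print(node_id, findings)
```

Any hit on content saved with the Raw HTML editor is worth reviewing, since that format is the one the steps above rely on to keep the payload intact.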

### Discoverer:
:shipit: Grim The Ripper Team by SOSECURE Thailand

### Medium:
- 

### Disclosure Timeline:
- 2022–xx–xx: Vulnerability discovered.
- 2022–xx–xx: Vulnerability reported to the MITRE corporation.
- 2022–xx–xx: CVE has been reserved.
- 2022–xx–xx: Public disclosure of the vulnerability.

Reference:

1. 

2.

3. https://github.com/backdrop/backdrop/releases/tag/1.23.0

4. https://backdropcms.org

File snapshot

[4.0K] /data/pocs/d6f5639405549942a5aabd1970c93b6ebd683db3
└── [1.5K] README.md

0 directories, 1 file