search

NavigateCMS / Navigate-CMS

Navigate CMS, a very powerful open source content management system for everybody.
http://www.navigatecms.com
GNU General Public License v2.0
8 stars 4 forks source link

Cross Site Script Vulnerability NavigateCMS 2.9 #18

Closed luuthehienhbit closed 4 years ago

luuthehienhbit commented 4 years ago

Expected behaviour An authenticated malicious user can take advantage of a Reflected XSS vulnerability in the name="wrong_path_redirect" feature. Impact Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site. Steps to reproduce

  1. Log into the Admin.
  2. Go to function "Web > Web sites"
  3. Click website edit.
  4. Use Burp Suite inject payload to name="wrong_path_redirect": image Request: http://10.14.140.69:8012/navigate/navigate/navigate.php?fid=websites&act=edit&id=3&tab=0 image
NavigateCMS commented 4 years ago

Fixed by a5e758b490dfb58d617a76acd18c6356a6225e95