Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090039

Below is a copy:

News247 News Magazine 1.0 Cross Site Scripting
# Exploit Title: News247 - News Magazine (CMS) v1.0  Stored Cross Site Scripting (XSS) 
# Exploit Author: Ravinder Verma 
# Date: Septmeber 14, 2022 
# Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html 
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/news247.zip 
# Tested on: Kali Linux, Apache, Mysql 
# Vendor: 255programmer 
# Version: v1.0 
# CVE [Reserved] : CVE-2021-41731 
# Exploit Description:

#   News247 - News Magazine (CMS) v1.0 suffers from a stored cross site
scripting (XSS) Vulnerability. Admin can publish blogs under various
categories. When creating new "blog category", if admin give malicious
payload like *""><img src=x onerror=alert(document.cookie)>* into the
category name field and publish that blog. Then it allows you to execute
arbitrary JavaScript in the context of the whole user who visited that
page. It can be abused to steal session cookies, perform requests in the
name of the victim or for phishing attacks.

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.