Cotonti Siena 0.9.19 'maintitle' Stored Cross-Site Scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2021-06-16 |
Type : webapps |
Platform : php
# Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
# Date: 2021-15-06
# Exploit Author: Fatih İLGİN
# Vendor Homepage: cotonti.com
# Vulnerable Software: https://www.cotonti.com/download/siena_0919
# Affected Version: 0.9.19
# Tested on: Windows 10
1) Enter the Admin Panel (vulnerableapplication.com/cotonti/admin.php)
2) Go to the Configuration tab and set the payload ("><img src=1 href=1 onerror="javascript:alert(1)"></img>) as the Site title param
3) Click the Update button
4) Finally, go to the home page, where the vulnerability is triggered
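
The fix for this class of bug is output encoding wherever the stored title is rendered. The following is an added example, not Cotonti's code: the function names and the markup are hypothetical, and it assumes the title is echoed into a quoted attribute and into element text (the page does not say where Cotonti renders it). It runs the step 2 value through an unencoded and an encoded renderer.

```php
<?php
declare(strict_types=1);

// Added example, not Cotonti code. Function names and markup are hypothetical.

// Constructed sample: the Site title value from step 2, as read back from storage.
$storedTitle = '"><img src=1 href=1 onerror="javascript:alert(1)"></img>';

// Vulnerable pattern: the stored setting is concatenated into markup as-is,
// so the leading "> closes the attribute and the tag, and the rest parses as HTML.
function render_unsafe(string $title): string
{
    return '<a href="/" title="' . $title . '">' . $title . '</a>';
}

// Output encoding for HTML text and quoted attribute values.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: encode at the point of output, in every place the value is used.
function render_safe(string $title): string
{
    return '<a href="/" title="' . h($title) . '">' . h($title) . '</a>';
}

// Reports whether the rendered HTML contains an <img element, which the
// template itself never emits, so any hit came from the stored value.
function injects_markup(string $html): bool
{
    return stripos($html, '<img') !== false;
}

$unsafe = render_unsafe($storedTitle);
$safe   = render_safe($storedTitle);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
var_dump(injects_markup($unsafe));
var_dump(injects_markup($safe));
```

Encoding on output leaves the stored value untouched, so the same helper has to be applied in every template that prints the setting, including admin pages that display it back.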