Exploits / Vulnerability Discovered : 2020-12-01 |
Type : webapps |
Platform : php
This exploit / vulnerability Lepton cms 4.7.0 url persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.
Vulnerable Parameters: Pages URL.
Steps-To-Reproduce:
1. Login to the Admin Account
2. Go to the Menu-Pages-Pages Overview.
3. Now edit any page
4. Put the below payload in the url input box.
5.ex. https://localhost/_packinstall/"onmouseover=prompt(/xss/)>