Typesetter CMS 5.1 'Site Title' Persistent Cross-Site Scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2020-10-01 | Type: webapps | Platform: php
This exploit / vulnerability (Typesetter CMS 5.1 'Site Title' persistent cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting
# Exploit Author: Alperen Ergel
# Web Site: https://alperenae.gitbook.io/
# Contact: @alperen_ae (IG) @alpren_ae (TW)
# Software Homepage: https://www.typesettercms.com/
# Version : 5.1
# Tested on: Windows 10 / XAMPP
# Category: WebApp
# Google Dork: intext:"Powered by Typesetter"
# Date: 2020-09-29
# CVE :-
######## Description ########
#
# 1-) Log in to the administrator page
#
# 2-) Edit the title under Settings > Configuration > General Settings and add the payload
#
# 3-) Go back to the web site; the payload will then execute
#
#
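The condition behind the steps above and the way to close it, as an added example (not code from Typesetter or from the exploit author): a stored site title echoed into every page without encoding, next to a version that encodes on output and normalises on save. All function names and the sample title are hypothetical, and the unsafe renderer only models a template that prints the stored value as-is.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not Typesetter functions.

/** Normalise a site title before it is written to the configuration. */
function clean_site_title(string $raw, int $maxLen = 120): string
{
    // A site title is plain text: drop markup and control characters.
    $text = strip_tags($raw);
    $text = preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $text) ?? '';
    // Collapse runs of whitespace and cap the stored length.
    $text = trim(preg_replace('/\s+/u', ' ', $text) ?? '');
    return mb_substr($text, 0, $maxLen, 'UTF-8');
}

/** Encode a stored value for an HTML text node or a quoted attribute. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: the stored title is echoed into the page unencoded. */
function render_header_unsafe(string $title): string
{
    return "<title>$title</title><h1>$title</h1>";
}

/** Hardened pattern: encode at every output point, whatever was stored. */
function render_header_safe(string $title): string
{
    $t = html_escape($title);
    return "<title>$t</title><h1 title=\"$t\">$t</h1>";
}

// Constructed sample input: a title containing harmless markup, standing in
// for any value an administrator account saved under General Settings.
$stored = 'My Site <em>marked up</em> & "friends"';

echo render_header_unsafe($stored), "\n"; // markup is parsed by the browser
echo render_header_safe($stored), "\n";   // markup is displayed as text
echo clean_site_title($stored), "\n";     // value as it should be persisted
```

Output encoding is the control that matters here, because it also covers titles already stored before any input filter existed; the save-time normalisation is defence in depth.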
######## Proof of Concept ########