Concrete5 8.5.4 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 2nd, 2021 📆 | 2697 Views ⚑

0

Concrete5 8.5.4 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Cross site scripting(XSS)
# Author: nu11secur1ty
# Date: 02.27.2021
# Vendor: https://www.concrete5.org/download
# Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111
# CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 [Exploit]# Place
– Navigate to entries directory
concrete5-8.5.4/index.php/dashboard/express/entries/

# PoC
– Copy and paste the int_string in to Handle field
nu11secur1ty0000000111111100101010100100100100101010101

– fill in the remaining fields and save


System Administrator – Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://www.exploit-db.com/
https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty

Source link

Tagged with:



Leave a Reply