Evolution 3.1.29 — Stored XSS Vulnerability
Description:
An XSS vulnerability was discovered in Evolution 3.1.29. It allows an admin user account to create and inject malicious scripts via the Templates function, which are then executed in other browsers.
Affected Component:
http://[IP]/manager/#?a=19
Payload:
<script>alert('XSS')</script>
Proof of Concept:
First, log in to the target application.
Go to the target at http://IP/manager/
We log in to the target application with admin privileges.
To create a new template, begin by clicking on the “Elements” tab. Within the “Elements” tab, locate and click on the “Templates” option. This will open a new window or panel where you can create a new template.
Enter information into the form provided, input the XSS payload in the detail field, then click the “Save” button.
Then click on Evolution CMS Install Success.
The XSS payload will run immediately.
The payload was executed.
Author:
Grim The Ripper Team by SOSECURE Thailand