October CMS : 3.6.30 Malicious file upload (CVE-2024–45962)

Sep 3, 2024

Description : We have identified a vulnerability that allows an authenticated admin account to upload a PDF file containing malicious javascript code (Stored Cross-Site Scripting) into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted javascript to the target.

Affected Component : http://{IP}/admin/media

Payload:

<script>alert(/Grim The Ripper Team by SOSECURE Thailand/)</script>

Proof of Concept:

First, login to the Backend Area.

We login to the target application with admin privileges.

Select the Media menu from the top bar.

Go to Documents and select Upload.

Select the file containing the XSS script that you want to upload

Click “Click here” on the right side to open the file.

The XSS payload will run immediately.

Author:

Grim The Ripper Team by SOSECURE Thailand

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by GrimTheRipper

You get the best out of others when you give the best of yourself

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

Recommended from Medium

U.A. High School(TryHackMe) writeup

GrimTheRipper

U.A. High School(TryHackMe) writeup

The “U.A. High School” room on TryHackMe is inspired by anime name “My Hero Academia” . This room will be about the challenges of…

Oct 21, 2024

Billing: TryHackMe Writeup

In

T3CH

by

Ansul Kotadia

Billing: TryHackMe Writeup

Hacking the Books (Literally) 📜💸

Mar 8

THM - Billing

Francesco Pastore

THM - Billing

A writeup for the room Billing on TryHackMe

Mar 15

Username restrictions bypass on Hackerone program

bugbounty_learners

Username restrictions bypass on Hackerone program

Nov 9, 2024

Dogcat WriteUp (Flag1) | LFI

In

T3CH

by

Onurcan Genç

Dogcat WriteUp (Flag1) | LFI

In this article, I have analyzed Dogcat machine. I uncovered LFI vulnerability by manipulating the URL parameters.

Oct 9, 2024

Archangel | LFI to RFI, Crontab Exploitation and PATH Manipulation

In

System Weakness

by

Onurcan Genç

Archangel | LFI to RFI, Crontab Exploitation and PATH Manipulation

Learn PATH manipulation to escalate your privileges and crontab abusement.

Dec 10, 2024

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech