┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ [ Vulnerability ] ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : https://www.codester.com/items/40401/ │ │ Vendor : Thinu Tech │ │ Software : Thinu-CMS Blog System 1.5 │ │ Vuln Type: Reflected XSS - Stored XSS │ │ Impact : Manipulate the content of the site │ │ │ │────────────────────────────────────────────────────────────────────────────────────────│ │ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ │ │ Reflected XSS │ │ │ │ The attacker can send to victim a link containing a malicious URL in an email or │ │ instant message can perform a wide variety of actions, such as stealing the victim's │ │ session token or login credentials │ │ │ │ │ │ Stored XSS │ │ │ │ Allow Attacker to inject malicious code into website, give ability to steal sensitive │ │ information, manipulate data, and launch additional attacks. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09 CryptoJob (Twitter) twitter.com/0x0CryptoJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2023 ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ Path: /author_posts.php GET 'author' parameter is vulnerable to RXSS http://website/author_posts.php?author=g6g12o8sdm&p_id=195 ## Stored XSS ----------------------------------------------- POST /contact.php HTTP/1.1 name=[XSS Payload]&email=anything@email.com&subject=AnySubject&body=[XSS Payload]&submit=Submit+ ----------------------------------------------- POST parameter 'name' is vulnerable to XSS POST parameter 'body' is vulnerable to XSS ## Steps to Reproduce: ################################################################################################# 1. Visit [Contact US] Page on this Path (http://website/contact.php) 2. Inject your [XSS Payload] in "User" 3. Inject your [XSS Payload] in "Message Box" 4. Press Submit 8. When ADMIN check [Contacts] in Administration Panel on this Path (https://website/admin/contacts.php) 9. XSS Will Fire and Executed on his Browser [-] Done