Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting

🗓️ 07 Jun 2017 00:00:00Reported by Ahsan TahirType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 58 Views

GravCMS Admin Plugin Persistent Cross-Site Scripting 1.4.

Code
# Exploit Title: GravCMS Core (Admin Plugin) v1.4.2 - Persistent Cross-Site Scripting
# Date: 2017-06-07
# Exploit Author: Ahsan Tahir
# Vendor Homepage: https://getgrav.org/
# Software Link: https://getgrav.org/download/core/grav-admin/1.2.4
# Version: 1.4.2
# Tested on: [Kali Linux 2.0 | Windows 8.1]
# Email: [email protected]
# Contact: https://twitter.com/AhsanTahirAT

Release Date:
=============
2017-06-07


Product & Service Introduction:
===============================
Grav is built and maintained by a team of dedicated and passionate developers, designers and users. 
As Grav is an open source project we greatly appreciate user contribution and commitment. These are the key folks that make this all possible.


Abstract Advisory Information:
==============================
Ahsan Tahir, an independent vulnerability researcher discovered a Persistent Cross-Site Scripting Vulnerability in GravCMS Admin Plugin (v 1.4.2)


Vulnerability Disclosure Timeline:
==================================
2017-06-07: Found the vulnerability.
2017-06-07: Reported to vendor.
2017-06-07: Published.

Discovery Status:
=================
Published


Exploitation Technique:
=======================
Remote


Severity Level:
===============
Medium


Technical Details & Description:
================================
The security risk of the xss vulnerability is estimated as medium with a common vulnerability scoring system count of 3.6. 
Exploitation of the persistent xss web vulnerability requires a limited admin user account and only low user interaction. 
Successful exploitation of the vulnerability results in persistent phishing attacks, session hijacking, persistent external 
redirect to malicious sources and persistent manipulation of affected or connected web module context.


Proof of Concept (PoC):
=======================
The persistent input validation vulnerability can be exploited by restricted user accounts with low user interaction.
For security demonstraton or to reproduce the vulnerability follow the provided information and steps below to continue.

Payload (Exploitation): [Click Me](javascript:alert(1))

[+] Manual steps to reproduce ..
1. Login with the admin or editor account in GravCMS
2. Go to edit page option (e.g http://127.0.0.1/cms/grav-admin/admin/pages/home)
3. Put the payload "[Click Me](javascript:alert(1))" (without quotes) in the content of page
4. Save Page!
5. Go to the index page (e.g http://127.0.0.1/cms/grav-admin/)
6. Click on "Click Me"
7. The Javascript execution occurs - Successful reproduce of the persistent cross site scripting vulnerability!


Credits & Authors:
==================
Ahsan Tahir - [https://twitter.com/AhsanTahirAT]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jun 2017 00:00Current
7.4High risk
Vulners AI Score7.4
gravcmscross-site scriptingvulnerabilityexploitationpersistent
58