Description

The demo website is affected of stored XSS at multiple menus.

Proof of Concept 01

#1. Access to the demo website http://demos4.softaculous.com/

#2. Login with admin user they provide, press on menu Uploader, in Uploader tab, try to upload whichever file then choose Media manager tab.

#3. We can see that the file is uploaded there and the web app allows us to add new gallery. Write a payload xss there and press Add button (In this scenario, I used payload "><img src>

#4. The payload will be triggered immediately.

Link: https://drive.google.com/file/d/1VpZVguIL0hc-ZK-quD4ZAfvsy38OQuMu/view?usp=sharing

Proof of Concept 02

#1. Access to the demo website and press on Entries menu.

#2. Choose the tab “Write Entry”, in Textarea, write xss payload "><img src>

#3. Press “Save & Continue” and the payload xss will be trigged in some places. (Watch PoC video for detail)

Link: https://drive.google.com/file/d/12zOYzQ4GWHW5QMIq5NkIViVaxpMRtQFD/view?usp=sharing

Note: This happen the same with menu Statics.