Vulners
Lucene search
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
🗓️ 11 Apr 2024 00:00:00Reported by Andrey StoykovType 
packetstorm🔗 packetstormsecurity.com👁 219 Views
`# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7
# Date: 4/2024
# Exploit Author: Andrey Stoykov
# Version: 9.2.7
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
Verbose Error Message - Stack Trace:
1. Directly browse to edit profile page
2. Error should come up with verbose stack trace
Verbose Error Message - SQL Error:
1. Page Settings > Design > Save Changes
2. Intercept HTTP POST request and place single quote to "pTemplateID"
3. Verbose SQL error message would occur
Open Redirect:
1. Login to application
2. Click to "Edit This Page" button
3. Intercept HTTP GET request
4. Enter relevant domain as value for "redirect" parameter
Stored XSS:
1. Edit page
2. Add HTML and drag it to the page
3. Add XSS payload
"><iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Apr 2024 00:00Current
7.4High risk
Vulners AI Score7.4