CVE-2024-26521 PoC — CE Phoenix Cart 安全漏洞

Source

Associated Vulnerability

Description

Html Injection vulnearbility in CE-Phoenix-v1.0.8.20 where malicious HTML code is inserted into a website. This can lead to a variety of issues, from minor website defacement to serious data breaches.

Readme

# CVE-2024-26521
CE-Phoenix-v1.0.8.20
Html Injection vulnearbility

# Login Page
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/fdcac5f4-be7a-4c11-9cf7-035dbc44e3d9)

As we can see there is a login page that anyone can understand there is a HTML injection vulnerability are there in this application.

![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/2ddaa0eb-fd7f-4351-9710-de0483a48635)

Basically in this application all php save in this location as you can see the image given below!

![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/9511197e-674e-40d3-ac6b-c3d093e6a43e)

# HTML Injection codes
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/7b0ecb0c-852c-418b-b442-36dd7221c1d1)

# PoC - Proof of concept image 
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/34c0de44-4085-44d9-8d05-edbcd6fcfb37)

# Payloads
payloads.txt

# PoC Video

https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/a7e8c1a1-a0e6-412a-ab91-da4d3974db77

File Snapshot

 [4.0K]  /data/pocs/9963f169cea6a5880ea20161614b3f7599b6ffd1
├── [ 71K]  1.png
├── [ 79K]  2.png
├── [ 46K]  3.png
├── [ 46K]  4.png
├── [ 34K]  5.png
├── [ 450]  payloads.txt
├── [ 11M]  poc.mp4
└── [1.1K]  README.md

0 directories, 8 files

Remarks