Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Pligg CMS 2.0.2 - Stored XSS

From: joelvarghese7 () gmail com
Date: Thu, 23 Apr 2015 12:30:58 GMT
Hi Team,

#Affected Vendor: http://pligg.com/
#Date: 23/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Pligg CMS
#Version: 2.0.2
#Tested Link: http://localhost/pligg/admin/admin_page.php 

Description: Pligg CMS is a content management platform that powers tens of thousands of websites. It specializes in 
creating social publishing networks, where users submit and promote content similar to sites like Digg, Reddit, and 
Mixx.Pligg CMS is vulnerable to stored xss vulnerability. The parameter "page_title" and "page_content" are the 
vulnerable parameter which will lead to its compromise.

#Proof of Concept (PoC): "><img src="a.jpg" onerror="alert('XSS')"/>

-- 
Regards,

Joel V
Previous By Date Next
Previous By Thread Next

Current thread: