Landing-CMS
Landing-CMS copied to clipboard
Landing-CMS has Storage Cross Site Scripting.
First access the file management page, then click new file to upload the file, select the html file format.
http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php
payload:<script>alert(document.cookie)</scrtipt>
When we input the file content as payload, we find that the front end does not allow input /, so we can capture the package and modify the content or paste the payload directly into the file content.
![image](https://user-images.githubusercontent.com/27290132/99783016-d5d9cc80-2b54-11eb-97f4-08c4dc85c373.png)
Right-click the file and select "show url", open the file URL to trigger xss.
![image](https://user-images.githubusercontent.com/27290132/99783948-11c16180-2b56-11eb-8838-d5c794aba241.png)
![image](https://user-images.githubusercontent.com/27290132/99783970-17b74280-2b56-11eb-8044-c98d8cb3f228.png)
![image](https://user-images.githubusercontent.com/27290132/99784022-27368b80-2b56-11eb-86af-d0646cfe6c0d.png)
When the administrator opens the file after uploading the file, it can also trigger xss.
![image](https://user-images.githubusercontent.com/27290132/99785523-38809780-2b58-11eb-99ee-d3dfa9670c16.png)
![image](https://user-images.githubusercontent.com/27290132/99785584-4c2bfe00-2b58-11eb-800a-01e912093b91.png)
![image](https://user-images.githubusercontent.com/27290132/99785606-54843900-2b58-11eb-8ca8-2b0d3e14fc00.png)