Menu

Search for hundreds of thousands of exploits

"KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting"

Author

Exploit author

"Ishaq Mohammed"

Platform

Exploit platform

nodejs

Release date

Exploit published date

2017-10-25

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS
# Vendor Homepage: http://keystonejs.com/
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: WEBAPPS
# Platform: Node.js
# CVE: CVE-2017-15878

Vendor Description:

KeystoneJS is a powerful Node.js content management system and web app
framework built on express and mongoose. Keystone makes it easy to create
sophisticated web sites and apps, and comes with a beautiful auto-generated
Admin UI.
Source: https://github.com/keystonejs/keystone/blob/master/README.md

Technical Details and Exploitation:

A cross-site scripting (XSS) vulnerability exists in
fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via
the Contact Us feature.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15878

Proof of Concept:

1. Navigate to Contact Us page
2. Fill in the details needed and enter the below payload in message field
and send
<a onmouseover=alert(document.cookie)>XSS link</a>
3. Now login as admin and navigate to the above new record created in the
enquiries
4. Move the cursor on the text XSS link

Solution:

The issues have been fixed and the vendor has released the patches

https://github.com/keystonejs/keystone/pull/4478/commits/5cb6405dfc0b6d59003c996f8a4aa35baa6b2bac

Reference:

https://github.com/keystonejs/keystone/pull/4478
https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2018-01-28 "KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery" webapps nodejs "Saurabh Banawar"
2017-10-25 "KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection" webapps nodejs "Ishaq Mohammed"
2017-10-25 "KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting" webapps nodejs "Ishaq Mohammed"
Release Date Title Type Platform Author
2019-07-12 "Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting" webapps java "Ishaq Mohammed"
2019-01-28 "Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting" webapps java "Ishaq Mohammed"
2017-12-26 "SilverStripe CMS 3.6.2 - CSV Excel Macro Injection" webapps php "Ishaq Mohammed"
2017-12-18 "Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution" webapps php "Ishaq Mohammed"
2017-11-13 "Kirby CMS < 2.5.7 - Cross-Site Scripting" webapps php "Ishaq Mohammed"
2017-10-25 "KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection" webapps nodejs "Ishaq Mohammed"
2017-10-25 "KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting" webapps nodejs "Ishaq Mohammed"
2017-10-13 "phpMyFAQ 2.9.8 - Cross-Site Scripting (2)" webapps php "Ishaq Mohammed"
2017-10-12 "OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting" webapps php "Ishaq Mohammed"
2017-09-21 "PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)" webapps php "Ishaq Mohammed" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected