Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect

2024-04-1100:00:00

Andrey Stoykov

packetstormsecurity.com

concrete cms

web flaws

cross site scripting

open redirect

verbose error messages

sql error

stored xss

ubuntu 22.04

7.4 High

AI Score

Confidence

Low

JSON

`# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7  
# Date: 4/2024  
# Exploit Author: Andrey Stoykov  
# Version: 9.2.7  
# Tested on: Ubuntu 22.04  
# Blog: http://msecureltd.blogspot.com  
  
  
Verbose Error Message - Stack Trace:  
  
1. Directly browse to edit profile page  
2. Error should come up with verbose stack trace  
  
Verbose Error Message - SQL Error:  
  
1. Page Settings > Design > Save Changes  
2. Intercept HTTP POST request and place single quote to "pTemplateID"  
3. Verbose SQL error message would occur  
  
Open Redirect:  
  
1. Login to application  
2. Click to "Edit This Page" button  
3. Intercept HTTP GET request  
4. Enter relevant domain as value for "redirect" parameter  
  
Stored XSS:  
  
1. Edit page  
2. Add HTML and drag it to the page  
3. Add XSS payload  
  
"><iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">  
  
`

7.4 High

AI Score

Confidence

Low

JSON