sec👨‍💻fortress:~#

Defensive By Offensive!.

View on GitHub

CVE-2024-55342

image

Desc : A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to the /manager/media endpoint. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS vulnerability.

Steps to Reproduce:

1. Login via the manager endpoint :: /manager/login
2. Navigate to the "Media" Content
3. Download and upload your XSS PDF file :: https://github.com/sec-fortress/Exploits/blob/main/xssPDF-my.pdf
4. If you like you can edit the XSS payload in the pdf file
5. Click on the uploaded PDF file and you have XSS