# Date: 11/06/2016
# Exploit Author: Murat YILMAZLAR
# Vendor Homepage: http://xcoder.io/demo/
# Demo Page: http://xcoder.io/demo/lara-
# Version: 1.0
#########################
1. Vulnerability Summary:
Larablog is vulnerable to a stored XSS when a user is created with a
malicious payload in the Full name field.
The JavaScript payload is executed when another admin or editor opens the
"Users" section from the left bar.
2. How to exploit:
Go to the admin panel and create a new user or edit an existing user. Change the "Full name" to:
"><img src="c" onerror="alert(document.
Here is your alert.
PoC: http://prntscr.com/bevbyh
3. Vulnerable Versions:
All versions of Lara-Blog are vulnerable to this bug.
#########################
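Added defensive illustration (not code from the advisory or from Lara-Blog): the Users table row is rendered with every stored value HTML-escaped so the Full name above becomes inert text, shown beside the unescaped rendering that produces the stored XSS, plus an audit pass over already-stored names. The row template, field names and the audit pattern are assumptions for this example.

```python
import html
import re

# Payload exactly as printed in the advisory above (it is truncated there).
ADVISORY_PAYLOAD = '"><img src="c" onerror="alert(document.'

# Constructed sample user records, as a stored-users table might hold them.
SAMPLE_USERS = [
    {"id": 1, "full_name": "Dr. O'Brien & Sons", "email": "obrien@example.com"},
    {"id": 2, "full_name": ADVISORY_PAYLOAD, "email": "attacker@example.com"},
    {"id": 3, "full_name": "Anton <3 Laravel", "email": "anton@example.com"},
]

# Heuristic for an audit of stored values: a tag opener, an on*= handler, or a javascript: URL.
_SUSPECT = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def render_user_row_unsafe(full_name: str, email: str) -> str:
    """Vulnerable rendering: stored values are concatenated into HTML unescaped,
    so a Full name that closes the title attribute injects a live <img onerror> tag."""
    return f'<tr><td title="{full_name}">{full_name}</td><td>{email}</td></tr>'


def render_user_row(full_name: str, email: str) -> str:
    """Hardened rendering: every untrusted value is escaped for both text and
    attribute context (quote=True also escapes " and '), so it cannot break out."""
    safe_name = html.escape(full_name, quote=True)
    safe_email = html.escape(email, quote=True)
    return f'<tr><td title="{safe_name}">{safe_name}</td><td>{safe_email}</td></tr>'


def contains_markup(rendered: str) -> bool:
    """True if the rendered row contains a real (unescaped) <img tag."""
    return "<img" in rendered.lower()


def audit_full_names(users: list[dict]) -> list[int]:
    """Return ids of stored users whose Full name looks like injected markup,
    for a one-off review of data stored before escaping was in place."""
    return [u["id"] for u in users if _SUSPECT.search(u["full_name"])]


if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(render_user_row(u["full_name"], u["email"]))
    print("suspect ids:", audit_full_names(SAMPLE_USERS))
```

Escaping at output is the fix; the audit only flags existing records for review and is not a substitute for it.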