inurl:dnn.js

  • 日期:2019-04-23
  • 类别:
  • 作者:F1uffyGoat
  • 语法:inurl:dnn.js

  • inurl:dnn.js Reveals Raw Javascript of the Dot Net Nuke CMS of websites that may be vulnerable to XSS ( CVE-2013-4649 ) via searching the page text for the string ' Type.registerNamespace("dnn") ' .

    Vulnerable versions: 
    - DNN 7.1.0 and earlier
    - DNN 6.2.8 and earlier

    POC: http://www.vulnerable.com/?__dnnVariable={'__dnn_pageload':'alert(/XSS/)'}