LayerBB 1.1.1 – Persistent Cross-Site Scripting

• Exploit Database
• 101 阅读

• 作者： 0xB9
  日期： 2019-01-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46079/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

  # Exploit Title: LayerBB 1.1.1 - Cross-Site Scripting # Date: 10/4/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://forum.layerbb.com/downloads.php?view=file&id=26 # Version: 1.1.1 # Tested on: Ubuntu 18.04 # CVE: CVE-2018-17997     1. Description: LayerBB is a free open-source forum software. The XSS found allows users to add a payload to the title of conversations (PMs).   2. Proof of Concept:   - Start a new conversation sending to any user (victim) you want - Use a payload in the title<script>alert(&apos;XSS&apos;)</script> - Next time the user (victim) visits the site payload will execute     3. Solution: Update to 1.1.2