e8dcb9f022
12 changes to exploits/shellcodes EZ CD Audio Converter 8.0.7 - Denial of Service (PoC) NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC) NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC) WebKit JSC - 'AbstractValue::set' Use-After-Free WebKit JSC - 'JSArray::shiftCountWithArrayStorage' Out-of-Bounds Read/Write Ayukov NFTP FTP Client 2.0 - Buffer Overflow Hashicorp Consul - Remote Command Execution via Rexec (Metasploit) Hashicorp Consul - Remote Command Execution via Services API (Metasploit) WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Frog CMS 0.9.5 - Cross-Site Scripting ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) WSTMart 2.0.8 - Cross-Site Scripting ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) WSTMart 2.0.8 - Cross-Site Scripting FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection Craft CMS 3.0.25 - Cross-Site Scripting bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload bludit Pages Editor 3.0.0 - Arbitrary File Upload WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Vtiger CRM 7.1.0 - Remote Code Execution
13 lines
No EOL
459 B
Text
13 lines
No EOL
459 B
Text
# Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting
|
|
# Date: 2018-12-25
|
|
# Exploit Author:WangDudu
|
|
# Vendor Homepage: https://github.com/philippe/FrogCMS
|
|
# Software Link: https://github.com/philippe/FrogCMS
|
|
# Version:0.9.5
|
|
# CVE :CVE-2018-20448
|
|
|
|
# The parameter under /install/index.php is that the Database name has reflective XSS
|
|
# 1 The Database name , username and password must be correct
|
|
# 2 You can use the exp:
|
|
|
|
<script>alert(1)</script> |