Exploit e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
24153
Проверка EDB
  1. Пройдено
Автор
JANEK VIND
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2004-2040
Дата публикации
2004-05-29
Код:
source: https://www.securityfocus.com/bid/10436/info

e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.


http://www.example.com/e107_0615/usersettings.php?avmsg=[xss code here]
 
Источник
www.exploit-db.com

Похожие темы