Exploit Exponent CMS 0.96.5/0.96.6 - 'magpie_debug.php?url' Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
29870
Проверка EDB
  1. Пройдено
Автор
HAMID EBADI
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-2337
Дата публикации
2007-04-20
Exponent CMS 0.96.5/0.96.6 - 'magpie_debug.php?url' Cross-Site Scripting
Код:
source: https://www.securityfocus.com/bid/23574/info

Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, control how the site is rendered to the user, compromise the application, obtain sensitive information, and access or modify data. 

http://www.example.com/external/magpierss/scripts/magpie_debug.php?url=<script> alert(document.cookie) </script>
 
Источник
www.exploit-db.com

Похожие темы