QUICK.CMS Cross site scripting - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1632344 漏洞类型
发布时间 2019-06-17 更新时间 2019-06-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060112
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#########################################################################################
# Exploit Title : QUICK.CMS Cross site scripting
# Google Dork : 
# Exploit Author: Mikayil Ilyas
# Vendor Homepage: https://opensolution.org
# Contact : mikayil.ilyasov@gmail.com
# Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.6-en.zip
# version : v6.6
# Date : 16.06.2019
# Tested on : Windows 10 , Kali Linux 
# CVE : 
##########################################################################################

+ Exploit : 

log in admin panel (admin.php) and click to add new page. XSS payload write in "name"  textarea. 
screnshoots

1 : https://i.hizliresim.com/JVX0mJ.png

2 : https://i.hizliresim.com/OrkGm4.png