Cross-site scripting vulnerability in moodle 3.2

There is a xss vulnerability in moodle 3.2 latestIn admin page Add a new course ,Course summary filter have xss vulnerability payload :<svg onload="alert('Coursesummary')"></svg>save and display  when we viste

阅读全文»

XSS攻击另类玩法

XSS攻击另类玩法 今天就来讲一下大家都熟悉的 xss漏洞的攻击利用。相信大家对xss已经很熟悉了,但是很多安全人员的意识里 xss漏洞危害只有弹窗或者窃取cookie。但是xss还有更多的花式玩法,今天将介绍几种。1.  xss攻击添加管理员后台触发存储型XSS,网站设置http-only,窃取的cookie无效。那么如何在这种情况下利用xss漏洞。无法获取cookie,但是我们可以利用xss漏洞,以管理员的权限,添加一个新的管理员。没错,就是让管理员给我们加一个高权限账号

阅读全文»

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-23

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16 in adminpageUse this vulnerabilitie must be login admin page " _src="http://localhost/admin/modules/bibliography/checkout_item.php?keywords="˃"˃http://local

阅读全文»

Store XSS Vulnerability in Wordpress plugin WP Markdown Editor Version 2.0.3

There is a Store XSS Vulnerability in Wordpress plugin WP Markdown Editor Version 2.0.3 When i use Wordpress plugin WP Markdown Editor  add new post or edit post i fund a store xss vulnerabilitypost in content input the xss payload <img src=x

阅读全文»

Cross-site scripting vulnerability in CMS Made Simple 2.1.6

 CMS Made Simple in adminpage > sitesetting > General Settings > globalmetadata filed has xss vulnerabilitythen visite any page has Cross-site scripting vulnerability

阅读全文»

Cross-site scripting (XSS) vulnerability in CMS Made Simple 2.1.6

in adminpage > Design Manager > Categories options  Create a new Category Desciption filed  has xss vulnerability  first create a new catagory and in Description write the payload </textarea><svg/onload=alert(0)> and

阅读全文»

Cross Site Scripting injection vulnerability in SANADATA SanaCMS 7.3

Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. A Vendor HomePage: https://www.sanadata.com/A Version : 7.3A Dork : i

阅读全文»