Exploits / Vulnerability Discovered: 2018-10-11 | Type: webapps | Platform: php
This exploit / vulnerability (Wikidforum 2.20 cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Wikidforum 2.20 - Cross-Site Scripting
# Date: 2018-10-10
# Exploit Author: Amir Hossein Mahboubi
# Vendor Homepage: https://sourceforge.net/projects/wikidforum/
# Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download
# Version: <=2.20(Latest)
# Tested on: Linux & Windows
# Vulnerable POST parameter: reply_text
# HTTP Requests for injecting XSS as post comment:
# Precondition: a logged-in user can post a comment; signup is possible for everyone