| عنوان | zzzcms-V2.2.0 has an arbitrary URL redirection vulnerability. |
|---|
| الوصف | The official website for this CMS is http://www.zzzcms.com/a/news/31_313.html. You can download the CMS from http://x.x.x.x/zzzphp.zip. Download and install zzzcms. After installation is complete, go to the homepage.Click on the registration button in the top right corner and register a new user.Navigate to the personal profile page in the user center. In the text box for personal introduction, enter the payload: <meta http-equiv=refresh content=2,url=http://www.baidu.com> and save.Now go to the account information page in the user center. This page will automatically redirect to the website http://www.baidu.com.
Arbitrary URL redirection vulnerabilities allow attackers to redirect users to malicious websites without their knowledge. This can lead to phishing attacks, malware downloads, and potential theft of sensitive data.
The version is for the zzzcms is V2.2.0. |
|---|
| المصدر | ⚠️ https://github.com/Jacky-Y/vuls/blob/main/vul8.md |
|---|
| المستخدم | JackYu (UID 52658) |
|---|
| ارسال | 12/10/2023 06:59 PM (3 سنوات منذ) |
|---|
| الاعتدال | 13/10/2023 09:11 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 242147 [ZZZCMS 2.2.0 Personal Profile Page البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|