| タイトル | zzzcms-V2.2.0 has an arbitrary URL redirection vulnerability. |
|---|
| 説明 | The official website for this CMS is http://www.zzzcms.com/a/news/31_313.html. You can download the CMS from http://x.x.x.x/zzzphp.zip. Download and install zzzcms. After installation is complete, go to the homepage.Click on the registration button in the top right corner and register a new user.Navigate to the personal profile page in the user center. In the text box for personal introduction, enter the payload: <meta http-equiv=refresh content=2,url=http://www.baidu.com> and save.Now go to the account information page in the user center. This page will automatically redirect to the website http://www.baidu.com.
Arbitrary URL redirection vulnerabilities allow attackers to redirect users to malicious websites without their knowledge. This can lead to phishing attacks, malware downloads, and potential theft of sensitive data.
The version is for the zzzcms is V2.2.0. |
|---|
| ソース | ⚠️ https://github.com/Jacky-Y/vuls/blob/main/vul8.md |
|---|
| ユーザー | JackYu (UID 52658) |
|---|
| 送信 | 2023年10月12日 18:59 (3 年 ago) |
|---|
| モデレーション | 2023年10月13日 21:11 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 242147 [ZZZCMS 2.2.0 Personal Profile Page クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|