| Title | zzzcms-V2.2.0 has an arbitrary URL redirection vulnerability. |
|---|
| Description | The official website for this CMS is http://www.zzzcms.com/a/news/31_313.html. You can download the CMS from http://x.x.x.x/zzzphp.zip. Download and install zzzcms. After installation is complete, go to the homepage. Click on the registration button in the top right corner and register a new user. Navigate to the personal profile page in the user center. In the text box for personal introduction, enter the payload: `<meta http-equiv=refresh content=2,url=http://www.baidu.com>` and save. Now go to the account information page in the user center. This page will automatically redirect to the website http://www.baidu.com.
Arbitrary URL redirection vulnerabilities allow attackers to redirect users to malicious websites without their knowledge. This can lead to phishing attacks, malware downloads, and potential theft of sensitive data.
The version of zzzcms is V2.2.0. |
|---|
| Source | https://github.com/Jacky-Y/vuls/blob/main/vul8.md |
|---|
| User | JackYu (UID 52658) |
|---|
| Submission | 2023-10-12 06:59 PM (3 years ago) |
|---|
| Moderation | 2023-10-13 09:11 PM (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 242147 [ZZZCMS 2.2.0 Personal Profile Page cross site scripting] |
|---|
| Points | 20 |
|---|