| Название | zzzcms-V2.2.0 has an arbitrary URL redirection vulnerability. |
|---|
| Описание | The official website for this CMS is http://www.zzzcms.com/a/news/31_313.html. You can download the CMS from http://x.x.x.x/zzzphp.zip. Download and install zzzcms. After installation is complete, go to the homepage.Click on the registration button in the top right corner and register a new user.Navigate to the personal profile page in the user center. In the text box for personal introduction, enter the payload: <meta http-equiv=refresh content=2,url=http://www.baidu.com> and save.Now go to the account information page in the user center. This page will automatically redirect to the website http://www.baidu.com.
Arbitrary URL redirection vulnerabilities allow attackers to redirect users to malicious websites without their knowledge. This can lead to phishing attacks, malware downloads, and potential theft of sensitive data.
The version is for the zzzcms is V2.2.0. |
|---|
| Источник | ⚠️ https://github.com/Jacky-Y/vuls/blob/main/vul8.md |
|---|
| Пользователь | JackYu (UID 52658) |
|---|
| Представление | 12.10.2023 18:59 (3 лет назад) |
|---|
| Модерация | 13.10.2023 21:11 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 242147 [ZZZCMS 2.2.0 Personal Profile Page межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|