| Title | zzzcms-V2.2.0 has an arbitrary URL redirection vulnerability. |
|---|
| Description | The official website for this CMS is http://www.zzzcms.com/a/news/31_313.html. You can download the CMS from http://x.x.x.x/zzzphp.zip. Download and install zzzcms. After installation is complete, go to the homepage.Click on the registration button in the top right corner and register a new user.Navigate to the personal profile page in the user center. In the text box for personal introduction, enter the payload: <meta http-equiv=refresh content=2,url=http://www.baidu.com> and save.Now go to the account information page in the user center. This page will automatically redirect to the website http://www.baidu.com.
Arbitrary URL redirection vulnerabilities allow attackers to redirect users to malicious websites without their knowledge. This can lead to phishing attacks, malware downloads, and potential theft of sensitive data.
The version is for the zzzcms is V2.2.0. |
|---|
| Source | ⚠️ https://github.com/Jacky-Y/vuls/blob/main/vul8.md |
|---|
| User | JackYu (UID 52658) |
|---|
| Submission | 10/12/2023 18:59 (3 years ago) |
|---|
| Moderation | 10/13/2023 21:11 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 242147 [ZZZCMS 2.2.0 Personal Profile Page cross site scripting] |
|---|
| Points | 20 |
|---|