POC详情: 181a6d7afbc7476934a5b4390737aca47a9068dc

来源
https://github.com/Justin-1993/CVE-2021-38699
关联漏洞
标题: Tastylgniter 跨站脚本漏洞 (CVE-2021-38699)
描述:TastyIgniter是一个基于Laravel PHP Framework的免费开源在线订购软件,旨在让开发者和餐馆老板享受生活。 Tastylgniter 3.0.7存在跨站脚本漏洞,该漏洞源于软件中的/account, /reservation, /admin/dashboard, 和/admin/system_logs目录中缺少对于用户提交数据的有效验证。
描述
TastyIgniter 3.0.7 allows XSS via the name field during user-account creation
介绍
# CVE-2021-38699 TastyIgniter 3.0.7 allows XSS via the name field during user-account creation.


A Stored Cross Site Scripting Vulnerability exists in multiple pages of TastyIgniter v3.0.7 that allows for arbitrary execution of JavaScript. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699

Vulnerable Pages:
/account, /reservation, /admin/dashboard, /admin/system_logs

Vulnerable Payloads:
“><script> alert(1) </script> <script> alert(1) </script>


Found by Justin White and Matt Kiely | HuskyHacks, August 2021
文件快照

 [4.0K]  /data/pocs/181a6d7afbc7476934a5b4390737aca47a9068dc
└── [ 530]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。