POC详情: 3fe1e75c275907f54df2bbb7d8ad20fa3be71711

来源
https://github.com/Akhlak2511/CVE-2024-50969
关联漏洞
标题: Code-Projects Jonnys Liquor 安全漏洞 (CVE-2024-50969)
描述:Code-Projects Jonnys Liquor是Code-Projects开源的一个内容与管理系统。 Code-Projects Jonnys Liquor 1.0版本存在安全漏洞,该漏洞源于容易受到反射型跨站脚本攻击,允许远程攻击者通过搜索参数注入任意Web脚本或HTML。
介绍
# CVE-2024-50969

## Description

A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.

## Vulnerability Type
Cross Site Scripting (XSS)

## Vendor of Product
Code-projects

## Affected Product Code Base:
https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/ - 1.0

## Affected Component:
browse.php

## Attack Vectors:
1. Set up the application locally
2. Navigate to the following URL in your web browser:
   http://localhost/jonnysLiquor-master/
3. In the search input field of the application, enter the following payload:
   "><script>alert(1)</script>
4. After submitting the input, the script executes in the browser, confirming the reflected XSS vulnerability.

## Reference:
1. https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/
2. https://owasp.org/www-community/attacks/xss/
3. https://portswigger.net/web-security/cross-site-scripting/reflected
文件快照

 [4.0K]  /data/pocs/3fe1e75c275907f54df2bbb7d8ad20fa3be71711
└── [1.0K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。