[转帖]KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability-WEB安全-看雪-安全社区|安全招聘|kanxue.com

[转帖]KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

发表于: 2010-8-12 12:36 1880

[转帖]KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

freebsdlin 活跃值

2010-8-12 12:36

1880

# Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability

# Date: 2010-08-11

# Author: fdisk

# Software Link: 94fK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3E0F1L8%4N6D9k6h3c8Y4k6i4c8J5k6h3g2Q4x3X3g2U0L8$3#2Q4x3V1k6H3M7X3!0V1N6h3y4@1M7#2)9J5c8X3y4G2L8h3#2#2L8X3W2@1P5g2)9J5c8X3c8G2N6$3&6D9L8$3q4V1i4K6t1$3L8X3u0K6M7q4)9K6b7W2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.

# Version: 3.5.2

# Notes: Fixed in the last version.

Go to search box or search criteria, enter your javascript code and save your search.

These searches can be shared with all the users enabling us to insert malicious javascript code.

POC:

Load fd3K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3I4G2j5$3q4D9K9r3!0K6N6q4)9J5c8X3c8S2M7$3S2T1L8$3q4J5k6q4)9J5k6i4m8Z5M7l9`.`. or 6e1K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3I4G2j5$3q4D9K9r3!0K6N6q4)9J5c8Y4y4W2j5i4u0U0K9o6u0Q4x3X3g2H3K9s2m8Q4x3@1k6S2j5%4c8A6L8$3&6Q4x3@1c8K6k6h3q4J5j5$3S2d9k6i4y4#2L8s2c8K6 in the textbox enter <script>alert('moo')</script> and save your search.

Load saved searches to view result.

[培训]科锐逆向工程师培训第53期2025年7月8日开班！

收藏・1

免费・0

支持