Home / os / wince

NeuroInformatics Database - Cross-Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>NeuroInformatics Database - Cross-Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>[-] Title : NeuroInformatics Database - Cross-Site Scripting [-] Author : Shahab Shamsi [-] Vendor : https://github.com/gbook/nidb [-] Category : Webapps [-] Date : 06.September.2016 Vulnerable page : nidb/web/getfile.php Vulnerable Source : Line79: echo echo "no match for [$ext] extension"; Line36: $ext = strtolower($pathparts['extension']); Line35: $pathparts = pathinfo($file); Line20: $file = $_POST['file']; POC : http://localhost/nidb/web/getfile.php?file=[XSS] ************************ * ==> Contact Me : * Telegram : @R4DIK4L * Email : info@securityman.org * WebSilte : WwW.MohitAmn.Org * Tnx : AmirHossein Farjad ************************ </BODY></HTML>

 

TOP