XSS Exploit in Comment
wtf666 opened this issue · comments
X:\xampp\htdocs\mecha-cms\lot\responses\comment\2016-05-18-22-54-04_2016-05-18-23-58-58_0000-00-00-00-00-00.txt
if i post exploit comment i can see input views :3
Name: Tedi Sunjaya
Email: tedisunjaya@yahoo.co.id
Status: 1
Content Type: HTML
Fields: {"user_ip":"::1","user_agent":"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"}
fix it fast or not no problem hehehe just xss exploit :3 nice cms
© 2016 My Awesome Site · Powered by Mecha 1.2.6
jika mau tau exploitnya bisa email di wtf666dotcom@gmail.com ... 👍
Have you tried it with passenger
mode? Because pilot
is allowed to embed the {{php}}
shortcode. Thanks.
i dont login i just login for create post not comment