CVE-2023-24322 PoC — mojoPortal 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-24322.yaml

Associated Vulnerability

Title:mojoPortal 跨站脚本漏洞 (CVE-2023-24322)
Description:mojoPortal是美国Joe Audette个人开发者的一套开源的、面向对象的网站架构（WSF）和内容管理系统（CMS）。该系统提供事件日历、相册、文件管理器等。 mojoPortal v2.7.0.0版本存在安全漏洞，该漏洞源于FileDialog.aspx组件中存在反射型跨站脚本(XSS)，攻击者利用该漏洞可以通过将精心设计的有效载荷注入到ed和tbi参数来执行任意Web脚本或HTML。

Description

mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.

File Snapshot


 id: CVE-2023-24322

info:
  name: mojoPortal 2.7.0.0 - Cross-Site Scripting
  author: pikpikcu
  sev

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!