Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-27008 PoC — ATutor 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27008.yaml
Associated Vulnerability
Title:ATutor 跨站脚本漏洞 (CVE-2023-27008)
Description:ATutor是Atutor团队的一套开源的基于Web的学习内容管理系统(LCMS)。该系统包括教学内容管理、论坛、聊天室等模块。 ATutor 2.2.1版本存在安全漏洞,该漏洞源于通过encrypt_password() 函数发现包含跨站脚本 (XSS) 漏洞。攻击者利用该漏洞通过token参数注入任意Web脚本或HTML。
Description
ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.
File Snapshot

 id: CVE-2023-27008

info:
  name: ATutor < 2.2.1 - Cross Site Scripting
  author: r3Y3r53
  severity

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.