CVE-2024-50969 PoC — Code-Projects Jonnys Liquor 安全漏洞

Source

https://github.com/Akhlak2511/CVE-2024-50969

Associated Vulnerability

Title:Code-Projects Jonnys Liquor 安全漏洞 (CVE-2024-50969)
Description:Code-Projects Jonnys Liquor是Code-Projects开源的一个内容与管理系统。 Code-Projects Jonnys Liquor 1.0版本存在安全漏洞，该漏洞源于容易受到反射型跨站脚本攻击，允许远程攻击者通过搜索参数注入任意Web脚本或HTML。

Readme

# CVE-2024-50969

## Description

A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.

## Vulnerability Type
Cross Site Scripting (XSS)

## Vendor of Product
Code-projects

## Affected Product Code Base:
https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/ - 1.0

## Affected Component:
browse.php

## Attack Vectors:
1. Set up the application locally
2. Navigate to the following URL in your web browser:
   http://localhost/jonnysLiquor-master/
3. In the search input field of the application, enter the following payload:
   "><script>alert(1)</script>
4. After submitting the input, the script executes in the browser, confirming the reflected XSS vulnerability.

## Reference:
1. https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/
2. https://owasp.org/www-community/attacks/xss/
3. https://portswigger.net/web-security/cross-site-scripting/reflected

File Snapshot


 [4.0K]  /data/pocs/3fe1e75c275907f54df2bbb7d8ad20fa3be71711
└── [1.0K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!