Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-20982 PoC — shadow 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-20982.yaml
Associated Vulnerability
Title:shadow 跨站脚本漏洞 (CVE-2020-20982)
Description:shadow是一套用于维护Debian系统的工具套件。 shadow web wdja 中存在跨站脚本漏洞,该漏洞源于产品的/php/passport/index.php文件未能正确处理backurl参数中的数据。攻击者可通过该漏洞执行客户端代码。以下产品及版本受到影响:shadowweb wdja v1.5.1 版本。
Description
shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
File Snapshot

 id: CVE-2020-20982

info:
  name: shadoweb wdja v1.5.1 - Cross-Site Scripting
  author: pikpikcu,rit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.