CVE-2018-6905 PoC — TYPO3 page模块跨站脚本漏洞

Source

https://github.com/pradeepjairamani/TYPO3-XSS-POC

Associated Vulnerability

Title:TYPO3 page模块跨站脚本漏洞 (CVE-2018-6905)
Description:TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统(框架)(CMS/CMF)。page module是其中的一个页面模块。 TYPO3 8.7.11之前版本和9.1.0之前版本中的page模块存在跨站脚本漏洞。远程攻击者可借助$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']利用该漏洞注入任意的Web脚本或HTML。

Description

Typo3 -v9.1.0 Persistent Cross Site Scripting(XSS) Assigned CVE Number: CVE-2018-6905

Readme

# TYPO3-XSS-POC
Typo3 -v9.1.0 Persistent Cross Site Scripting(XSS) Assigned CVE Number: CVE-2018-6905

File Snapshot


 [4.0K]  /data/pocs/721e60d354a7700c0590a43fb9658454f1699481
├── [ 102]  README.md
├── [ 71K]  TYPO3 v9.1.0 Persistent xss POC by Pradeep Jairamani.docx
└── [502K]  TYPO3 v9.1.0 Persistent xss POC by Pradeep Jairamani.pdf

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!