CVE-2019-18873 PoC — FUDForum 跨站脚本漏洞

Source

https://github.com/fuzzlove/FUDforum-XSS-RCE

Associated Vulnerability

Title:FUDForum 跨站脚本漏洞 (CVE-2019-18873)
Description:FUDForum是一套基于PHP的开源论坛软件。 FUDForum 3.0.9版本中存在跨站脚本漏洞。攻击者可通过向admsession.php和admuser.php脚本发送特制请求利用该漏洞在系统上执行任意代码。

Description

FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

Readme

# FUDforum-XSS-RCE
FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

Multiple Stored XSS vulnerabilities have been found in FUDforum 3.0.9 that can result in remote code execution.

Stored XSS via username in forum: [Info](https://github.com/fuzzlove/FUDforum-XSS-RCE/blob/master/forumxss.md) | [Demo](https://youtu.be/fR8hVK1paks)

Stored XSS via useragent in admin panel: [Info](https://github.com/fuzzlove/FUDforum-XSS-RCE/blob/master/adminpanel.md) | [Demo](https://youtu.be/0gsJQ82TXw4)

File Snapshot


 [4.0K]  /data/pocs/8f61df6e1a2fed914d20204b81520a107579b0ac
├── [1.7K]  adminpanel.md
├── [1.2K]  forumxss.md
├── [8.4K]  fud.js
└── [ 521]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!