Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-26247 PoC — Cacti 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26247.yaml
Associated Vulnerability
Title:Cacti 跨站脚本漏洞 (CVE-2021-26247)
Description:Cacti是Cacti团队的一套开源的网络流量监测和分析工具。该工具通过snmpget来获取数据,使用RRDtool绘画图形进行分析,并提供数据和用户管理功能。 Cacti 存在跨站脚本漏洞,未经身份验证的用户可以通过 http://<CACTI_SERVER>/auth_changepassword.php?ref=地址的 ref 参数成功执行 JavaScript 负载。
Description
Cacti contains a cross-site scripting vulnerability via "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" which can successfully execute the JavaScript payload present in the "ref" URL parameter.
File Snapshot

 id: CVE-2021-26247

info:
  name: Cacti - Cross-Site Scripting
  author: dhiyaneshDK
  severity: med

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.