Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-46888 PoC — NexusPHP 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-46888.yaml
Associated Vulnerability
Title:NexusPHP 跨站脚本漏洞 (CVE-2022-46888)
Description:NexusPHP是一款免费开源的完整的 PT 建站解决方案。 NexusPHP 1.7.33之前版本存在安全漏洞,攻击者可利用该漏洞许远程攻击者通过/login.php中的秘密参数注入任意网页脚本或HTML; /user-ban-log.php 中的 q 参数; /log.php 中的查询参数; /moresmiles.php 中的文本参数; myhr.php 中的 q 参数; 或 /viewrequests.php 中的 id 参数。
Description
NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks..
File Snapshot

 id: CVE-2022-46888

info:
  name: NexusPHP <1.7.33 - Cross-Site Scripting
  author: r3Y3r53
  severi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.