CVE-2022-28454 PoC — Limbas 跨站脚本漏洞

Source

https://github.com/YavuzSahbaz/Limbas-4.3.36.1319-is-vulnerable-to-Cross-Site-Scripting-XSS-

Associated Vulnerability

Title:Limbas 跨站脚本漏洞 (CVE-2022-28454)
Description:Limbas是德国Limbas公司的一个用 PHP 编写的数据库框架。用于创建数据库驱动的业务应用程序。 Limbas 4.3.36.1319 版本存在安全漏洞，该漏洞源于易受跨站脚本 (XSS) 攻击。攻击者可以在合法网站或 Web 应用程序中执行恶意脚本

Description

CVE-2022-28454

Readme

# Limbas-4.3.36.1319-is-vulnerable-to-Cross-Site-Scripting-XSS

DESCRIPTION

Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS)
LIMBAS  ( http://www.limbas.org/ ) - 4.3.36.1319

PROOF OF CONCEMT

UPDATE/up_2_0.php the page reflexed with the XSS code

EXAMPLE PAYLOAD

1'"()&%<acx><ScRiPt >9M2m(9617)</ScRiPt>

DETAILS XSS
  
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.

File Snapshot


 [4.0K]  /data/pocs/c7187ad696bcabc714135183884ac7a82de16d9e
└── [ 621]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!