Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-24912 PoC — Matthias Van Woensel qcubed 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-24912.yaml
Associated Vulnerability
Title:Matthias Van Woensel qcubed 跨站脚本漏洞 (CVE-2020-24912)
Description:Matthias Van Woensel qcubed是 (Matthias Van Woensel) 的一个应用软件。提供了一个一个PHP模型-视图-控制器快速应用程序开发框架。 qcubed (all versions including 3.1.1) 存在跨站脚本漏洞,该漏洞允许未经身份验证的攻击者窃取身份验证用户的会话。
Description
A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
File Snapshot

 id: CVE-2020-24912

info:
  name: QCube Cross-Site-Scripting
  author: pikpikcu
  severity: medium
 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.