CVE-2015-8349 PoC — SourceBans 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-8349.yaml

Associated Vulnerability

Title:SourceBans 跨站脚本漏洞 (CVE-2015-8349)
Description:SourceBans是Sourcebans团队的一套用于Source引擎（一款3D游戏引擎）的高级管理系统。该系统支持系统管理员对服务器上所有用户设置管理权限和通过网络在服务器端终止游戏等。 SourceBans中存在跨站脚本漏洞，该漏洞源于程序没有充分过滤用户提交的输入。远程攻击者可通过向index.php文件发送‘advSearch’参数利用该漏洞注入任意的Web脚本或HTML。

Description

SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.

File Snapshot


 id: CVE-2015-8349

info:
  name: SourceBans <2.0 - Cross-Site Scripting
  author: pikpikcu
  severit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!