CVE-2017-12544 PoC — HPE System Management Homepage Software 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-12544.yaml

Associated Vulnerability

Title:HPE System Management Homepage Software 跨站脚本漏洞 (CVE-2017-12544)
Description:HPE System Management Homepage（SMH）Software是美国惠普企业（Hewlett Packard Enterprise，HPE）公司的一个基于Web的界面。该界面可整合和简化对运行HP-UX、Linux和Microsoft Windows操作系统的HP服务器的单系统管理过程。 HPE SMH Software 7.6.1之前的版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞执行任意代码。

Description

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

File Snapshot


 id: CVE-2017-12544

info:
  name: HPE System Management - Cross-Site Scripting
  author: divya_mudga

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!