CVE-2020-18268 PoC — Z-BlogPHP Input Validation Error Vulnerability

Source
Associated Vulnerability
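Title: Z-BlogPHP Input Validation Error Vulnerability (CVE-2020-18268)
Description: Z-BlogPHP is an open-source, PHP-based blog system from the Z-blog community. Z-BlogPHP has an input validation error vulnerability, which stems from configuration and similar errors during operation in the Open Redirect in Z-BlogPHP v1.5.2 and earlier. An attacker can exploit this vulnerability to obtain sensitive information via the "Redirect" parameter in the component "zb system cmd.php".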
Description
Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
File Snapshot

id: CVE-2020-18268 info: name: Z-Blog <=1.5.2 - Open Redirect author: 0x_Akoko severity: medi ...