Home Bug & Exploit Drupal Cross Site Scripting avatar_uploader v7.x-1.0-beta8

Drupal Cross Site Scripting avatar_uploader v7.x-1.0-beta8

70
0

Drupal is a free and open content management system software distributed under the GPL license, the development and maintenance of which is carried out by a worldwide community of users and developers.

This plugin creates a avatar_uploader from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

Proof of Concept (PoC) :
http://$target/avatar_uploader.pages.inc?file=alert("test")
Change $target to website domain, example : domain.com

Source :
https://www.exploit-db.com/exploits/50841

This information is published only for security and learning reasons, any kind of damage and misuse is beyond our responsibility. Use this information wisely

SQLi Injection in ATOM CMS 2.0

The AtomCMS was created for learning purposes. The Digital Craft relies solely on funds from [donations] (http://www.thedigitalcraft.com), [YouTube ads] (http://youtube.com/thedigicraft), Read more

Unauthenticated Admin Account Creation in WordPress MasterStudy LMS 2.7.5

WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP[4] and paired with a MySQL Read more

Previous articleWhat is NAMSO and Mass Card Number Generator
Next articleBest Lofi Gustixa Playlist on YouTube 2022

LEAVE A REPLY

Please enter your comment!
Please enter your name here