CVE-2019-18873 PoC — FUDForum 跨站脚本漏洞

Source

Associated Vulnerability

Description

FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

Readme

# FUDforum-XSS-RCE
FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

Multiple Stored XSS vulnerabilities have been found in FUDforum 3.0.9 that can result in remote code execution.

Stored XSS via username in forum: [Info](https://github.com/fuzzlove/FUDforum-XSS-RCE/blob/master/forumxss.md) | [Demo](https://youtu.be/fR8hVK1paks)

Stored XSS via useragent in admin panel: [Info](https://github.com/fuzzlove/FUDforum-XSS-RCE/blob/master/adminpanel.md) | [Demo](https://youtu.be/0gsJQ82TXw4)

File Snapshot

 [4.0K]  /data/pocs/8f61df6e1a2fed914d20204b81520a107579b0ac
├── [1.7K]  adminpanel.md
├── [1.2K]  forumxss.md
├── [8.4K]  fud.js
└── [ 521]  README.md

0 directories, 4 files

Remarks