The exploit demonstrates two vulnerabilities in W-Agora v4.2.1: a reflected XSS via the 'showuser' parameter and a file inclusion vulnerability via the 'bn' parameter in rss.php. Both exploits are provided as direct URLs with payloads.
Classification
Working Poc 90%
Attack Type
Xss | Other
Complexity
Trivial
Reliability
Reliable
Target:W-Agora v4.2.1
No auth needed
Prerequisites:Access to the target web application