qiwen-file has a stored XSS vulnerability.

The file renaming functionality in the qiwen-file contains a stored XSS vulnerability, allowing attackers to inject malicious code into the file names.

This vulnerability enables the malicious code to run on both the file directory and the file sharing pages. Once an attacker creates a shared file with malicious code and the victim opens the malicious sharing link, the malicious code will be executed.

To exploit this vulnerability, an account is required. The attacker needs to enter the cloud drive, create or upload any file, right-click to choose the rename option, input the payload in the new file name field, and click OK to execute the attack.

Payload:
```xml
<img src="" onerror="alert(document.cookie)">
```
![输入图片说明](https://foruda.gitee.com/images/1705286159333995337/e0b3b7a4_4836459.png "屏幕截图")

### When accessing the directory containing the file, the malicious code is successfully triggered:
![输入图片说明](https://foruda.gitee.com/images/1705286195642993303/5656db21_4836459.png "屏幕截图")
![输入图片说明](https://foruda.gitee.com/images/1705286200048653295/9ca1a65b_4836459.png "屏幕截图")
### When the victim accesses the shared link to the file, the malicious code is successfully triggered:
![输入图片说明](https://foruda.gitee.com/images/1705286231065122686/d8118a0a_4836459.png "屏幕截图")
![输入图片说明](https://foruda.gitee.com/images/1705286236528107593/b4ab93d6_4836459.png "屏幕截图")
### Security Recommendations
- Implement strict user input filtering.
- Exercise strict control over page content rendering.

奇文社区/qiwen-file

内容风险标识

评论 (0)

奇文社区/qiwen-file .gitee-modal { width: 500px !important; }

内容风险标识