| Titolo | 福州网钛软件科技有限公司 idcCMS V1.60 Cross-site Scripting |
|---|
| Descrizione | Summary
A reflected Cross Site Scripting (XSS) vulnerability exists in idcCMS V1.60 due to improper sanitization of the $idName parameter in /inc/classProvCity.php.
Details
idcCMS V1.60 suffers from a Reflected Cross Site Scripting (XSS) vulnerability due to improper sanitization of the $idName parameter within the GetCityOptionJs method of the ProvCity class. This vulnerability can be exploited by an attacker to inject malicious scripts into the web application, which can then be executed in the browsers of other users.
// ···
class ProvCity{
// 获取城市数据
public static function GetDeal(){
$idName = trim(@$_GET['idName']);
$prov = trim(@$_GET['prov']);
echo(ProvCity::GetCityOptionJs($idName, $prov, ''));
}
// ···
public static function GetCityOptionJs($idName,$prov,$defVal='no'){
$provArr = self::GetCityArr($prov);
$retStr = 'document.getElementById("'. $idName .'").options.length=0;';
if ($defVal != 'no'){
if (count($provArr) == 0 && strlen($defVal) == 0){
$retStr .= 'document.getElementById("'. $idName .'").options.add(new Option("请先选择省份",""));';
}else{
$retStr .= 'document.getElementById("'. $idName .'").options.add(new Option("'. $defVal .'",""));';
}
}
foreach ($provArr as $val){
$retStr .= 'document.getElementById("'. $idName .'").options.add(new Option("'. $val .'","'. $val .'"));';
}
return $retStr;
}
}
Proof of Concept (POC)
http://target-ip/read.php?idName=1%3Cscript%3Ealert(document.cookie)%3C/script%3E&mudi=getCityData |
|---|
| Fonte | ⚠️ https://github.com/Hebing123/cve/issues/75 |
|---|
| Utente | jiashenghe (UID 39445) |
|---|
| Sottomissione | 12/11/2024 12:36 (2 anni fa) |
|---|
| Moderazione | 21/11/2024 07:47 (9 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 285657 [idcCMS 1.60 /inc/classProvCity.php GetCityOptionJs idName cross site scripting] |
|---|
| Punti | 20 |
|---|