Submission #716122: xunruicms 4.7.1 xss information

Title: xunruicms 4.7.1 xss
Description: XunRuiCMS version 4.7.1 and earlier is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the JSONP callback parameter. The vulnerability exists in the dr_show_error() function (lines 272-276) and dr_exit_msg() function (lines 296-300) located in /dayrui/Fcms/Init.php. When processing JSONP requests, the application retrieves the 'callback' parameter directly from $_GET['callback'] and echoes it to the HTTP response without any input validation, output encoding, or sanitization. This allows a remote unauthenticated attacker to inject arbitrary JavaScript code by crafting a malicious URL such as: http://[target]/index.php?s=api&c=api&m=test&callback=alert(document.cookie)//

When a victim clicks on this malicious link, the injected JavaScript code executes in the context of the victim's browser session, potentially leading to session hijacking, credential theft, or other malicious actions. The vulnerability can be exploited without authentication and only requires user interaction (clicking a malicious link).

Note that the _jsonp() method in /dayrui/Fcms/Core/Phpcmf.php correctly uses dr_safe_replace() for callback sanitization, but the global functions dr_show_error() and dr_exit_msg() in Init.php do not implement the same protection, creating an inconsistent security posture.
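The fix the description points at is to treat the callback name as untrusted input and never echo it raw. The following PHP is an added example written for this page; it is not XunRuiCMS code, does not reproduce dr_safe_replace(), and all function names (safe_jsonp_callback, build_jsonp_error, send_jsonp_error) are hypothetical. It goes slightly beyond the single case above by allowlisting the callback against a JavaScript identifier pattern rather than stripping characters, JSON-encoding the message so it cannot close the string, and sending headers that stop the browser from interpreting the body as HTML.

```php
<?php
// Added example, not part of XunRuiCMS. Hypothetical helper names throughout.
//
// Vulnerable pattern as described in the submission (do NOT do this):
//   echo $_GET['callback'] . '(' . $json . ')';

/**
 * Return $callback only if it is a plain JavaScript identifier path such as
 * "cb" or "jQuery.fn.done"; otherwise fall back to a fixed default name.
 * An allowlist is stricter than character stripping: parentheses, slashes,
 * quotes, angle brackets and whitespace can never survive it.
 */
function safe_jsonp_callback(?string $callback, string $default = 'callback'): string
{
    if ($callback === null || strlen($callback) > 64) {
        return $default;
    }
    $identifier = '[A-Za-z_$][A-Za-z0-9_$]*';
    if (!preg_match('/^' . $identifier . '(\.' . $identifier . ')*$/', $callback)) {
        return $default;
    }
    return $callback;
}

/**
 * Build the JSONP body for an error message. The payload is JSON-encoded with
 * HEX flags so "<", ">", "&" and quotes in $msg are escaped, and the callback
 * name has already been allowlisted.
 */
function build_jsonp_error(?string $rawCallback, int $code, string $msg): string
{
    $cb   = safe_jsonp_callback($rawCallback);
    $json = json_encode(
        ['code' => $code, 'msg' => $msg],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE
    );
    if ($json === false) {
        // Invalid UTF-8 in $msg: emit a neutral body rather than raw text.
        $json = '{"code":' . $code . ',"msg":"encoding error"}';
    }
    // Leading comment keeps the response from starting with attacker-chosen bytes.
    return '/**/' . $cb . '(' . $json . ');';
}

/**
 * Send the hardened response. The script Content-Type plus nosniff prevents
 * the body from being rendered as an HTML document even if the page is opened
 * directly in a browser.
 */
function send_jsonp_error(int $code, string $msg): void
{
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo build_jsonp_error($_GET['callback'] ?? null, $code, $msg);
    exit;
}

// Constructed demo inputs; run with: php jsonp_hardening.php
if (PHP_SAPI === 'cli') {
    $samples = ['cb', 'jQuery.fn.done', 'alert(document.cookie)//', '<script>', ''];
    foreach ($samples as $in) {
        echo str_pad(var_export($in, true), 28), ' => ',
             build_jsonp_error($in, 1001, 'not <found> & "gone"'), PHP_EOL;
    }
}
```

Run from the CLI, the first two samples are echoed back as the callback name, while the three malformed ones are replaced by `callback`, so the response body stays syntactically a function call on a JSON literal regardless of what arrived in the query string.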
Source: ⚠️ https://note-hxlab.wetolink.com/share/gbCf35DJ3los
User: yu22x (UID 34832)
Submitted: December 16, 2025 04:15 (4 months ago)
Moderation: December 27, 2025 12:26 (11 days later)
Status: Accepted
VulDB entry: 338522 [dayrui XunRuiCMS up to 4.7.1 JSONP Callback /dayrui/Fcms/Init.php dr_show_error/dr_exit_msg callback cross site scripting]
Points: 19
