| 제목 | 福州网钛软件科技有限公司 idcCMS V1.60 Cross-site Scripting |
|---|
| 설명 | Summary
A reflected Cross Site Scripting (XSS) vulnerability exists in idcCMS V1.60 due to improper sanitization of the $idName parameter in /inc/classProvCity.php.
Details
idcCMS V1.60 suffers from a Reflected Cross Site Scripting (XSS) vulnerability due to improper sanitization of the $idName parameter within the GetCityOptionJs method of the ProvCity class. This vulnerability can be exploited by an attacker to inject malicious scripts into the web application, which can then be executed in the browsers of other users.
// ···
class ProvCity{
// 获取城市数据
public static function GetDeal(){
$idName = trim(@$_GET['idName']);
$prov = trim(@$_GET['prov']);
echo(ProvCity::GetCityOptionJs($idName, $prov, ''));
}
// ···
public static function GetCityOptionJs($idName,$prov,$defVal='no'){
$provArr = self::GetCityArr($prov);
$retStr = 'document.getElementById("'. $idName .'").options.length=0;';
if ($defVal != 'no'){
if (count($provArr) == 0 && strlen($defVal) == 0){
$retStr .= 'document.getElementById("'. $idName .'").options.add(new Option("请先选择省份",""));';
}else{
$retStr .= 'document.getElementById("'. $idName .'").options.add(new Option("'. $defVal .'",""));';
}
}
foreach ($provArr as $val){
$retStr .= 'document.getElementById("'. $idName .'").options.add(new Option("'. $val .'","'. $val .'"));';
}
return $retStr;
}
}
Proof of Concept (POC)
http://target-ip/read.php?idName=1%3Cscript%3Ealert(document.cookie)%3C/script%3E&mudi=getCityData |
|---|
| 원천 | ⚠️ https://github.com/Hebing123/cve/issues/75 |
|---|
| 사용자 | jiashenghe (UID 39445) |
|---|
| 제출 | 2024. 11. 12. PM 12:36 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 11. 21. AM 07:47 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 285657 [idcCMS 1.60 /inc/classProvCity.php GetCityOptionJs idName 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|