Submit #549261: ghostxbh uzy-ssm-mall v1.0.0 Cross Site Scripting

Title: ghostxbh uzy-ssm-mall v1.0.0 Cross Site Scripting
Description:

Vulnerability Description
uzy-ssm-mall v1.0.0 is vulnerable to Cross-Site Scripting (XSS) attacks. Due to the absence of an XSS filter in web.xml and the lack of input escaping mechanisms, attackers can inject malicious scripts at any input point, allowing the execution of arbitrary code in the user's browser. This vulnerability affects the entire site and may lead to severe consequences such as session hijacking and data leakage.

Vulnerability Location
web.xml

Code Audit Process
Vulnerability File Path / File Name: web.xml
Code Analysis:
The code does not utilize any XSS filters or escaping functions, such as htmlspecialchars or htmlentities.
No filtering or escaping is applied to user input at input points.
web.xml does not configure an XSS filter; only a login interception filter is configured.

POC (Proof of Concept)
Example of an input point:
http(s)://target-ip/mall/product?product_name=</title><script>alert(1)</script>
Source: ⚠️ https://wiki.shikangsi.com/post/share/3cae2847-317e-47d6-8f2a-c6fbba301d8e
User: XingYue_Mstir (UID 72225)
Submission: 2025-04-02 11:57 AM (1 year ago)
Moderation: 2025-04-14 12:36 AM (12 days later)
Status: Accepted
VulDB entry: 304601 [ghostxbh uzy-ssm-mall 1.0.0 /product product_name cross site scripting]
Points: 20