| Title | Zorlan skycaiji 2.8 Cross Site Scripting |
|---|
| Description | You can see the detailed exploit details on my blog, the password is fushuling123: https://fushuling.com/index.php/2024/06/13/test2/
In the latest version of skycaiji 2.8 (https://github.com/zorlan/skycaiji), I found an XSS vulnerability. The reason is that although the source code prohibits some possible XSS tags, the target does not filter the img tag enough, which allows the attacker to bypass it through eval(String.fromCharCode()) and finally cause the XSS attack.
We can construct malicious data on our own website. If the target collects data on our website, it will cause XSS to appear.
<?php
$data = array(
'xss' => '<img src=\'xss\' onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">',
);
$json = json_encode($data);
header('Content-type: application/json');
echo $json;
When the target creates a task to collect data on a malicious web page and clicks on the preview, the malicious code will be triggered, causing XSS to occur.
Enter the webpage where we have constructed malicious data
Since the webpage constructed by the source code has a login record field, and the value of this field is fixed and will not change, if the attacker obtains the cookie through XSS and then writes it into the webshell through the previously submitted code injection function, the attacker can completely execute unauthorized commands in the foreground.
My repair suggestion: Filter the collected data to prevent malicious code injection |
|---|
| Source | https://github.com/zorlan/skycaiji |
|---|
| User | fushuling (UID 45488) |
|---|
| Submission | 13.06.2024 06:56 (2 years ago) |
|---|
| Moderation | 21.06.2024 18:32 (8 days later) |
|---|
| Status | accepted |
|---|
| VulDB entry | 269419 [Zorlan SkyCaiji up to 2.8 Task onerror cross site scripting] |
|---|
| Points | 20 |
|---|
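
The repair suggestion in the description (filter the collected data) can be illustrated by comparing a tag blocklist with context-aware output encoding in a preview renderer. This is an added example, not code from the submitter or from skycaiji: the function names `blocklist_filter`, `encode_for_html` and `render_preview` are hypothetical, and the blocklist is a constructed stand-in for the tag filter the description mentions.

```php
<?php
// Added example; helper names are hypothetical and not part of skycaiji.

// Constructed sample: the JSON body served by the test page in the description.
$collected = json_encode([
    'xss' => '<img src=\'xss\' onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">',
]);

// Weak: strips a fixed list of tag names, so <img> with an event handler passes through.
function blocklist_filter(string $value): string
{
    return preg_replace('#<\s*/?\s*(script|iframe|object|embed)\b[^>]*>#i', '', $value);
}

// Hardened: treat every collected value as text and encode it for the HTML body context.
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds the preview table; $filter decides how untrusted field values are emitted.
function render_preview(array $fields, callable $filter): string
{
    $rows = '';
    foreach ($fields as $name => $value) {
        // Nested structures are serialized first so they are encoded like any other text.
        $text = is_scalar($value) ? (string) $value : json_encode($value);
        $rows .= '<tr><th>' . encode_for_html((string) $name) . '</th><td>'
            . $filter($text) . "</td></tr>\n";
    }
    return "<table>\n" . $rows . "</table>\n";
}

$fields = json_decode($collected, true);
if (!is_array($fields)) {
    exit("collected data is not a JSON object\n");
}

$weak = render_preview($fields, 'blocklist_filter');
$safe = render_preview($fields, 'encode_for_html');

// Report whether a live <img> tag survives in each rendering.
printf("blocklist output contains <img: %s\n", strpos($weak, '<img') !== false ? 'yes' : 'no');
printf("encoded output contains <img:   %s\n", strpos($safe, '<img') !== false ? 'yes' : 'no');
echo $safe;
```

Encoding at output time covers every tag and attribute at once, which a list of forbidden tag names cannot do.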