| Title | Dreamer CMS column/article there is an XSS hijacking vulnerability caused by arbitrary file upload |
|---|
| Description | When reviewing the code, I found that the upload function point of the interface did not verify the suffix or content of the uploaded file, resulting in the arbitrary upload of maliciously constructed content for xss hijacking. The code screenshot is as follows:
https://github.com/XinCaoZ/dreamer_cms_POC/blob/main/%E5%BE%AE%E4%BF%A1%E5%9B%BE%E7%89%87_20230320102944.png(Photo address)
Please check my github repository for specific verification of poc:
https://github.com/XinCaoZ/dreamer_cms_POC
|
|---|
| Source | ⚠️ https://github.com/iteachyou-wjn/dreamer_cms/issues/11 |
|---|
| User | Xinca0 (UID 43189) |
|---|
| Submission | 03/20/2023 04:22 (3 years ago) |
|---|
| Moderation | 03/30/2023 21:31 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 224634 [Dreamer CMS up to 3.5.0 File Upload cross site scripting] |
|---|
| Points | 20 |
|---|