Report CVE RCE Vulnerability in antSword #150
The XSS in the category directory has not been fixed, possibly because it was considered too minor and was overlooked by the maintainers.
JS string substitution is clearly used here, but the maintainers forgot to filter single quotes, so we can take advantage of that.
It uses the DHTMLX framework.
In the framework's dhtmlxtoolbar.js file, we found the vulnerability at line 1775:

```js
// data.value is concatenated straight into a single-quoted value='...' attribute with no escaping
this.obj.innerHTML = "<input class='dhxtoolbar_input' type='text' style='width:"+this.obj.w+"px;'"+(data.value!=null?" value='"+data.value+"'":"")+">";
```
The content of `data.value` is written unchanged into the attribute (`value='"+data.value+"'`), so a single quote in it closes the `value` attribute and lets an attacker append further attributes, resulting in XSS.
## 0x03 Attack approach
Build an oninput handler to trigger the XSS.

Final POC: `'autofocus onfocus=alert`

Decoding Base64:
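To make the attribute breakout concrete, the following is an added example written for this page; it is not antSword's or DHTMLX's code. It models the quoted `dhtmlxtoolbar.js` concatenation as `renderInputVulnerable`, places a hardened version with attribute escaping beside it, and uses a small assumed helper `attributeNames` (a toy tokenizer, not a real HTML parser) to show which attributes a browser would see on the generated tag. The payload is the report's POC extended with an assumed `(1)//` tail so the handler actually calls `alert`; the name `POC` and the helper are assumptions.

```javascript
// Added example, not code from antSword or DHTMLX.

// Vulnerable: mirrors the string concatenation quoted from dhtmlxtoolbar.js.
// `value` is spliced into a single-quoted attribute verbatim.
function renderInputVulnerable(width, value) {
  return "<input class='dhxtoolbar_input' type='text' style='width:" + width + "px;'" +
    (value != null ? " value='" + value + "'" : "") + ">";
}

// Hardened: escape every character that can terminate or alter an HTML attribute.
// The HTML parser decodes the entities when reading the attribute, so the
// displayed text is unchanged but the quote can no longer close the attribute.
function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, function (c) {
    return { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&#34;", "'": "&#39;" }[c];
  });
}

function renderInputHardened(width, value) {
  // The width is coerced to a number so that it cannot carry markup either.
  var w = Number(width);
  if (!isFinite(w)) w = 0;
  return "<input class='dhxtoolbar_input' type='text' style='width:" + w + "px;'" +
    (value != null ? " value='" + escapeAttr(value) + "'" : "") + ">";
}

// Assumed helper: a toy attribute tokenizer for a single <input ...> tag.
// It follows the HTML rule that after a quoted value a new attribute name may
// start without intervening whitespace, which is exactly what the breakout relies on.
function attributeNames(tag) {
  var inner = tag.slice(tag.indexOf("<input") + 6, tag.lastIndexOf(">"));
  var names = [];
  var i = 0;
  while (i < inner.length) {
    while (i < inner.length && /[\s\/]/.test(inner[i])) i++;   // skip whitespace and stray '/'
    var start = i;
    while (i < inner.length && /[^\s=\/]/.test(inner[i])) i++; // attribute name
    if (i > start) names.push(inner.slice(start, i).toLowerCase());
    if (inner[i] === "=") {
      i++;
      if (inner[i] === "'" || inner[i] === '"') {
        var q = inner[i];
        i++;
        while (i < inner.length && inner[i] !== q) i++;         // quoted value
        i++;                                                     // closing quote
      } else {
        while (i < inner.length && !/\s/.test(inner[i])) i++;   // unquoted value
      }
    }
  }
  return names;
}

// Constructed payload: the report's POC plus an assumed "(1)//" tail so alert is invoked.
var POC = "'autofocus onfocus=alert(1)//";

console.log(renderInputVulnerable(100, POC));
console.log(attributeNames(renderInputVulnerable(100, POC)));  // includes onfocus
console.log(renderInputHardened(100, POC));
console.log(attributeNames(renderInputHardened(100, POC)));    // class, type, style, value only
```

The vulnerable rendering turns the single quote in `POC` into the end of the `value` attribute, so `autofocus` and `onfocus` become real attributes and the handler fires as soon as the toolbar input is focused; the hardened rendering keeps the whole payload inside `value`.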