Fastadmin-V1.0.0.20200506_beta - Stored cross-site scripting attacks

CVE ID: CVE-2020-22609

Affected products: FastAdmin

Vulnerability type: Stored cross-site scripting (XSS)

Version: V1.0.0.20200506_beta

Product description: FastAdmin is a rapid backend (admin panel) development framework based on ThinkPHP5 and Bootstrap.

Vulnerability description: FastAdmin V1.0.0.20200506_beta contains a stored cross-site scripting (XSS) vulnerability in the category "nickname" field. Markup saved in this field is rendered unencoded in the admin backend, so any administrator who views the category list executes attacker-supplied script, which may allow the attacker to steal the administrator's session or credentials and log in to the backend.

  1. A code audit of \application\admin\controller\Category.php shows that the submitted category fields are not comprehensively filtered or encoded before being stored and later displayed.
    [image]
  2. Go to Category Management, click Edit, and insert the XSS payload into the Nickname field.
    [image]
    [image]
  3. When an administrator views the category page, the injected script runs in the administrator's browser and sends the administrator's identity information (session data) back to the attacker.
    [image]
  4. Payload:
    [image]