The JEESNS has a storage-type XSS vulnerability #1

Pick-program opened this issue Aug 19, 2022 · 0 comments
@Pick-program
Owner

Tools required: BurpSuite, IDEA (Eclipse)

Required source download address:
https://github.com/zchuanzhao/jeesns/releases

Deployment Instructions:
https://gitee.com/zchuanzhao/jeesns#%E9%83%A8%E7%BD%B2%E8%AF%B4%E6%98%8E

[image]
[image]

Post the payload in the "Twitter" function:

<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=>

The stored XSS vulnerability can be triggered (the XSS vulnerability can obtain other users' cookie values and so forge their identity to log in, which is risky):

The code flow starts in weibocontroller.java, which checks whether the user is logged in:
[image]

Then the XSS filter class is called, and the input value is checked for the following keywords. If any are found, the JavaScript statement is disabled by underlining those sensitive words. This method can be circumvented by encoding, as in the payload above: `<script>alert("XSS")</script>`

Base64-encoded into PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=

Use a pseudo-protocol to trigger it and bypass detection:

[image]
[image]
[image]
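As an added illustration (not code from this issue or from JEESNS), the Python below shows why a keyword filter of the kind described above misses the reported payload: the surface text contains no blacklisted word, but decoding the base64 data: URI reveals the script. It contrasts that with rejecting active-content markup and HTML-encoding whatever is stored. The keyword list and the active-content pattern are constructed for the example and are not the project's real lists.

```python
import base64
import html
import re

# Constructed samples: the payload reported in the issue, and a benign post.
PAYLOAD = '<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=>'
BENIGN = 'hello world, <b>script review</b> tonight'

# Hypothetical keyword blacklist (not the JEESNS list): a hit is "defanged"
# by inserting an underscore after the first character of the keyword.
KEYWORDS = ("script", "alert", "onerror", "onload", "javascript:")

def blacklist_defang(text):
    """Return the text with every blacklisted keyword underscored."""
    for kw in KEYWORDS:
        text = re.sub(re.escape(kw),
                      lambda m: m.group(0)[0] + "_" + m.group(0)[1:],
                      text, flags=re.I)
    return text

DATA_URI = re.compile(r"data:([^;,]*);base64,([A-Za-z0-9+/=]+)", re.I)

def decoded_views(text):
    """The text plus the decoded body of each base64 data: URI inside it,
    so a keyword check also sees content hidden behind the encoding."""
    views = [text]
    for m in DATA_URI.finditer(text):
        try:
            views.append(base64.b64decode(m.group(2), validate=True)
                         .decode("utf-8", "replace"))
        except ValueError:          # malformed base64: nothing to inspect
            pass
    return views

def blacklist_flags(text):
    """True if the blacklist would change the text or any decoded view."""
    return any(blacklist_defang(v) != v for v in decoded_views(text))

# Defensive alternative: refuse markup that can carry active content or a
# script-bearing URL scheme, and HTML-encode everything that is stored.
ACTIVE = re.compile(r"<\s*/?\s*(object|embed|iframe|script|svg|math|img|"
                    r"link|meta|style|form)\b|\b(data|javascript|vbscript)\s*:",
                    re.I)

def is_safe_to_store(text):
    return ACTIVE.search(text) is None

def render(text):
    """Encode a stored post so the browser never treats it as markup."""
    return html.escape(text, quote=True)
```

Running it on PAYLOAD shows the blacklist leaves the text untouched while the decoded data: URI is `<script>alert("XSS")</script>`; the BENIGN post, by contrast, is mangled by the blacklist ("s_cript") yet passes the active-content check.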
