XSS vulnerability #503

Closed
gh0stkey opened this issue Nov 14, 2017 · 2 comments

gh0stkey commented Nov 14, 2017

Hi, man. I found a Cross-Site Scripting vulnerability in the user center.

First, my test environment

OS: macOS 10.12.6
Browser: Firefox
Date: 2017.11.14 10:26 PM

Second, vulnerability details

I built a program with symphony.

Location: /admin/user/userid

Exploit Method:

1. Need an account

2. Forge the IP (Symphony relies on X-Forwarded-For to get the IP), so I can change the content of the HTTP header X-Forwarded-For. This content is the XSS payload "><svg/onload=alert(1)>.

3. Log in to your account based on the above steps

4. If the admin edits your user info, the attack is triggered.

5. Administrator perspective:

XSS payload alert:

Third, others

This vulnerability can get the administrator's cookie. The hazard can be imagined.
Vulnerability Reporter: vulkey (mstsec)

88250 self-assigned this Nov 14, 2017

88250 added the bug label Nov 14, 2017

88250 added this to the 2.3.0 milestone Nov 14, 2017

88250 (Member) commented Nov 14, 2017

Thank you, I will fix this security issue ASAP.

88250 added a commit that referenced this issue Nov 14, 2017

88250 added a commit that referenced this issue Nov 14, 2017

88250 (Member) commented Nov 14, 2017

I escaped all string properties of user, article and comment in admin console. Please help us to verify it if you would, thanks.

88250 closed this Nov 14, 2017

88250 changed the title from "Cross-Site-Scripting vulnerability in user center" to "XSS vulnerability" Nov 15, 2017

88250 added a commit that referenced this issue Nov 15, 2017
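
The two defenses this thread turns on, as an added example that is not Symphony's code and not taken from the referenced commits: checking the X-Forwarded-For value before it is stored as the login IP, and HTML-escaping it when the admin page renders it. The class name, method names and the `loginIp` field name are assumptions made for illustration, and the addresses are constructed sample values.

```java
import java.util.regex.Pattern;

public class ForwardedIpDemo {
    // Characters that can appear in an IPv4/IPv6 literal. A shape check, not a full
    // address parser, but it excludes every HTML metacharacter.
    private static final Pattern IP_CHARS = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    /** Input side: use the first X-Forwarded-For entry only if it looks like an IP literal. */
    static String clientIp(String xForwardedFor, String remoteAddr) {
        if (xForwardedFor == null) {
            return remoteAddr;
        }
        String first = xForwardedFor.split(",", 2)[0].trim();
        return IP_CHARS.matcher(first).matches() ? first : remoteAddr;
    }

    /** Output side: escape for HTML text and quoted attribute values. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Hypothetical admin-form field; the name "loginIp" is made up for this example. */
    static String renderIpField(String storedIp) {
        return "<input name=\"loginIp\" value=\"" + escapeHtml(storedIp) + "\">";
    }

    public static void main(String[] args) {
        String reported = "\"><svg/onload=alert(1)>"; // header value quoted in the report
        String socketAddr = "203.0.113.7";            // constructed sample address
        // Rejected at input: falls back to the socket address.
        System.out.println(clientIp(reported, socketAddr));
        // Well-formed chain: the first entry is kept.
        System.out.println(clientIp("198.51.100.4, 10.0.0.1", socketAddr));
        // Even if an old record still holds the payload, escaping keeps it inside value="...".
        System.out.println(renderIpField(reported));
    }
}
```

A value that passes the shape check is still supplied by the client unless a trusted proxy sets the header, so it remains untrusted data and the output escaping is what protects the admin page.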
