Open
Description
Affected version: Wuzhi CMS v3.1.2
Github download address: https://github.com/wuzhicms/b2b
Tool used: Burp Suite
Steps to reproduce:
(1) First, log in to the website backend, click the extension module, and then click online payment, as shown in the following figure:

(2) Enable the Burp Suite proxy and click Search to capture the request, as shown in the following figure:


(3) After the keyValue parameter, enter the payload "OnMoUsEoVeR=prompt (1)// and forward the request.

(4) At this point, an additional "" can be seen at the order number, which can trigger this vulnerability when the mouse pointer is placed over it, as shown in the following figure:
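
The payload in step (3) starts with a double quote, which suggests the value is reflected inside a double-quoted HTML attribute. The following is an added example, not Wuzhi CMS code and not part of the report: it assumes that reflection pattern (the render functions and the input markup are hypothetical) and checks, with a real HTML parser, whether the reflected value stays inside the attribute once quotes are encoded on output.

```python
import html
from html.parser import HTMLParser

# Payload from step (3) of the report.
PAYLOAD = '"OnMoUsEoVeR=prompt (1)//'


def render_unsafe(key_value: str) -> str:
    # Assumed vulnerable pattern: value echoed into a quoted attribute as-is.
    return '<input type="text" name="keyValue" value="' + key_value + '">'


def render_safe(key_value: str) -> str:
    # Encode for the attribute context; quote=True also converts " and '.
    encoded = html.escape(key_value, quote=True)
    return '<input type="text" name="keyValue" value="' + encoded + '">'


class _AttrCollector(HTMLParser):
    """Records the attributes the parser sees on the <input> element."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def parsed_attrs(markup: str) -> dict:
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def event_handlers(markup: str) -> list:
    # Any attribute whose name starts with "on" is an event handler slot.
    return sorted(name for name in parsed_attrs(markup) if name.startswith("on"))


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        out = render(PAYLOAD)
        print(render.__name__, out, event_handlers(out), sep="\n  ")
```

In PHP, the language of the affected project, the equivalent output encoding is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.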

