There is a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system v3.1.2 #3

Open
@222ABC

Affected version: Wuzhi CMS v3.1.2
GitHub download address: https://github.com/wuzhicms/b2b
Tool used: Burp Suite

Vulnerability recurrence process:
(1) Firstly, enter the website backend, click on the extension module, and then click on online payment, as shown in the following figure:
[image]

(2) Enable the Burpsuite agent, click Search to capture packets, as shown in the following figure:
[image]
[image]

(3) After the parameter: keyValue, enter payload: "OnMoUsEoVeR=prompt (1)// and release the data packet.
[image]

(4) At this point, it can be seen that an additional "" appears at the order number, which can trigger this vulnerability when the mouse is placed, as shown in the following figure:
[image]
[image]
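
The following is an added illustration, not part of the issue and not Wuzhi CMS code: it shows why the payload from step (3) yields a new event-handler attribute when a request value is written into a double-quoted HTML attribute without encoding, and how attribute-context encoding neutralises it. The `<input>` markup and all function names are assumptions, since the issue does not show the actual template.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in step (3) of the report.
PAYLOAD = '"OnMoUsEoVeR=prompt (1)//'


def render_unsafe(key_value: str) -> str:
    """Hypothetical template: the request value is concatenated into a quoted attribute."""
    return f'<input type="text" name="keyValue" value="{key_value}">'


def render_safe(key_value: str) -> str:
    """Same hypothetical template with attribute-context encoding (quotes become entities)."""
    return f'<input type="text" name="keyValue" value="{escape(key_value, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Records the attributes an HTML parser sees on the first <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and not self.attrs:
            self.attrs = attrs


def parsed_attrs(html: str) -> dict:
    parser = _InputAttrs()
    parser.feed(html)
    parser.close()
    return dict(parser.attrs)


def event_handlers(html: str) -> list:
    """Names of on* attributes present after parsing; any entry means script can run."""
    return sorted(name for name in parsed_attrs(html) if name.startswith("on"))


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        html = render(PAYLOAD)
        print(f"{label}: {html}\n  event handlers: {event_handlers(html)}")
```

In PHP, the language Wuzhi CMS is written in, the equivalent encoding call is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` applied at the point of output.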