Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Landing-CMS has Storage Cross Site Scripting. #10

Open
SunJ3t opened this issue Nov 20, 2020 · 0 comments
Open

Landing-CMS has Storage Cross Site Scripting. #10

SunJ3t opened this issue Nov 20, 2020 · 0 comments

Comments

@SunJ3t
Copy link

SunJ3t commented Nov 20, 2020
edited
Loading

First access the file management page, then click new file to upload the file, select the html file format.

http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php

payload:<script>alert(document.cookie)</scrtipt>

When we input the file content as payload, we find that the front end does not allow input /, so we can capture the package and modify the content or paste the payload directly into the file content.

image

Right-click the file and select "show url", open the file URL to trigger xss.

image

image

image

When the administrator opens the file after uploading the file, it can also trigger xss.

image

image

image
@SunJ3t SunJ3t changed the title Landing-CMS has Cross Site Scripting. Landing-CMS has Storage Cross Site Scripting. Nov 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SunJ3t