Headline
CVE-2022-33043: vim/core_tmp.md at main · chen-jerry-php/vim
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.
**Vulnerability title:
**
Bypassing the xss defense by uploading files at the user-added place causes the storage of xss
**Affected versions:
**
Premium v4.0.1.1477
**Discovery time:
**
2022/06/07
**Found by:
**
jerryflag
**analysis report:
**
0x01:
First, I found that this program is vulnerable to stored xss attacks. When I communicated with the program provider, I was told that the program has xss protection, so I bypassed the xss protection through further attempts and made my xss attack effective
0x02:
It was observed that the program has a batch add function, so add the payload to the excel file, simulate the batch add user function, bypass the xss protection, and make the xss attack take effect. poc:
<img src=1 onerror=alert(1)>
<img src=1 onerror=alert(2)> 0x03:
The page automatically loads and triggers XSS
The final xss effective result
**Fixes:
**
Make xss protection fully effective
illustrate
(1) http://www.urtracker.cn/ ,
Introduction to URTracker
“URTracker transaction tracking tracking system” is a general problem (Issue Tracking) software for these problems. It is used to help businesses and teams create various types of processes, manage all of them and keep track of recorded processes, and has a built-in workbench for sharing issues.
(2) Reproduce the demo url:http://www.1.urtracker.cn/Accounts/login.aspx?ReturnUrl=%2fdefault.aspx
account/passwprd:admin/123456