Headline
CVE-2022-44361: ZZCMS2022 has a xss · Issue #1 · cri1stur/ZZcms
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.
ZZCMS the lastest version download page :
http://www.zzcms.net/about/download.html
software link: http://www.zzcms.net/download/zzcms2022.zip
Environmental requirements
PHP version > = 4.3.0
Mysql version>=4.0.0
Essential information
version:2022
File path:admin/ad_list.php
parameter:page
request method:REQUEST
payload:1");alert(/xss/);("
Principle analysis
admin/ad_list.php line 17
Get the parameter(page) through the REQUEST method and pass the parameter to the checkid () function.
inc/function.global.php line 14
Let’s see the checkid () function again. The content of the ID parameter comes from the page parameter obtained by the request method. The function first determines whether the ID is a number. If it is not a number, it executes the showmsg() function and passes the $ID to the showmsg() function.
inc/function.php line 23
See the showmsg() function, in which line 24, you can execute malicious code by closing the alert() function
for example:payload=");alert(“1”);("
Loophole recurrence
First log in to the website:http://localhost/admin/login.php
Access:http://localhost/admin/ad_list.php?page= ");alert(/xss/) ;(", and then two pop-up windows will pop up. The second pop-up content is the detection content.