CVE-2023-0513: Stored XSS and unauthorized access vulnerabilities · Issue #I68UYM · 王俊南/Dreamer CMS(梦想家CMS内容管理系统) - Gitee.com

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.


Stored XSS (front end and back end)

The customer message (guestbook) area on the front end has a stored XSS.

The cause is that the back end does not filter user messages for XSS and writes them straight into the database.

Stored XSS also exists in the back end's "add column" and "publish article" functions; once a payload is inserted there, visiting the front end triggers it.

Unauthorized access

Neither the upload interface nor access to uploaded files requires authorization.

Files can be uploaded without being logged in.

Endpoint: /upload/uploadFile

An uploaded file can be accessed by anyone who knows its filename, with no login required.

Using ../ path traversal, every file under the resource folder can be reached across directories.

Combining the two points above, an unauthenticated user can upload an HTML file whose content is a malicious XSS payload and then send the link to that file to site users; when a user opens the link, the malicious JS runs, leading to cookie theft and similar harm.
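The report implies three separate fixes: escape stored messages at output time, confine file lookups to the resource root, and gate uploads on an authenticated session while refusing browser-executable types. The following is an added example written for this page, not Dreamer CMS's own code, and in Python rather than the CMS's Java; the resource root, the session dictionary shape and the function names are assumptions.

```python
import html
from pathlib import Path
from typing import Optional

# Constructed resource root for the example; the real CMS path is not known here.
RESOURCE_ROOT = Path("/srv/cms/resource").resolve()


def render_message(raw: str) -> str:
    """Escape a stored guestbook message before placing it in HTML.
    Escaping at output time also neutralises payloads already in the database."""
    return html.escape(raw, quote=True)


def safe_resource_path(requested: str) -> Optional[Path]:
    """Map a user-supplied filename onto RESOURCE_ROOT.
    Returns None when the normalised path leaves the root: ../ traversal,
    an absolute path, or a prefix lookalike such as /srv/cms/resource2."""
    candidate = (RESOURCE_ROOT / requested).resolve()  # collapses ../ segments
    try:
        candidate.relative_to(RESOURCE_ROOT)  # component-wise, not a string prefix
    except ValueError:
        return None
    return candidate


def upload_allowed(session: dict, filename: str) -> bool:
    """Gate the upload endpoint: require an authenticated session and refuse
    types a browser would execute, so a stored file cannot serve as an XSS page."""
    if not session.get("user_id"):
        return False
    blocked = {".html", ".htm", ".xhtml", ".svg", ".js"}
    return Path(filename).suffix.lower() not in blocked
```

Serving uploads with a Content-Disposition: attachment header, or from a separate origin, is the more robust complement to the suffix list.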
