CVE-2020-19770: A stored XSS vulnerability in WUZHI CMS v4.1.0 · Issue #180 · wuzhicms/wuzhicms
A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin’s cookie.
This XSS vulnerability was found in the system bulletin (系统公告) in the background.
payload:
</textarea><details open="" ontoggle=alert(document.cookie)><textarea>
First, we can write the payload with a low-privileged user named 'test'. As an attacker, you can change a title to prompt an administrator to click on this page.
Then log in to the admin account and click the change (修改) button to pop up the admin's cookie.
The reason for the vulnerability is that the PHP code uses blacklists to filter JS code, resulting in poor filtering.
This method can be used to steal the admin's cookie.
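The root cause named in the report (blacklist filtering instead of context-aware output encoding), shown as an added example that is not part of the original issue and is not WUZHI CMS code. The `blacklist_filter` and `render_edit_form_*` functions are hypothetical stand-ins; only the payload string comes from the report.

```php
<?php
// Constructed stand-in for a blacklist filter; NOT WUZHI CMS's actual code.
function blacklist_filter(string $input): string
{
    // Strips <script> blocks and a handful of well-known event handlers.
    $input = preg_replace('#<script\b[^>]*>.*?</script>#is', '', $input) ?? '';
    return preg_replace('/\bon(click|error|load|mouseover)\s*=/i', '', $input) ?? '';
}

// Vulnerable pattern: the stored value is placed into the edit form as-is.
function render_edit_form_unsafe(string $stored): string
{
    return '<textarea name="content">' . $stored . '</textarea>';
}

// Hardened pattern: encode for the HTML context at output time.
function render_edit_form_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="content">' . $encoded . '</textarea>';
}

// Payload quoted from the report above.
$payload = '</textarea><details open="" ontoggle=alert(document.cookie)><textarea>';

// The blacklist knows neither <details> nor ontoggle, so the value is stored unchanged.
$stored = blacklist_filter($payload);
printf("blacklist left payload untouched: %s\n", var_export($stored === $payload, true));

// Unsafe render: the stored </textarea> closes the field early, so the
// <details> element becomes live markup in the administrator's edit page.
$unsafe = render_edit_form_unsafe($stored);
printf("closing textarea tags (unsafe): %d\n", substr_count($unsafe, '</textarea>'));

// Safe render: <, >, " and ' become entities, the only closing tag left is
// the template's own, and the payload is displayed as text inside the field.
$safe = render_edit_form_safe($stored);
printf("closing textarea tags (safe): %d\n", substr_count($safe, '</textarea>'));
printf("live <details> element (safe): %s\n", var_export(strpos($safe, '<details') !== false, true));
```

Encoding at output time is the fix because it does not depend on enumerating dangerous tags or handlers. Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`, though it does not stop the injected script from running.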