
CVE-2022-38550: The JEESNS has a storage-type XSS vulnerability · Issue #1 · Pick-program/JEESNS

A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.


Tools required: BurpSuite, IDEA (Eclipse)

Required source download address:
https://github.com/zchuanzhao/jeesns/releases

Deployment Instructions:
https://gitee.com/zchuanzhao/jeesns#%E9%83%A8%E7%BD%B2%E8%AF%B4%E6%98%8E

Post the following payload in the “Twitter” (weibo) function:

<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=>

The stored XSS vulnerability is then triggered. (The XSS vulnerability can obtain other users' cookie values, which can be used to forge their identity and log in as them, so it is risky.)

The code flow starts in weibocontroller.java, which checks whether the user is logged in.

The XSS filter class is then called, and the submitted value is checked against a list of sensitive keywords. If any are present, the JavaScript statement is disabled by underlining those sensitive words. This method can be circumvented by encoding, as in the payload above: <script>alert("XSS")</script> Base64-encodes to PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=

Triggering the script through a pseudo-protocol (the data: URI) bypasses the detection.
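Why the keyword check misses this input, and what output encoding does with it instead, as an added example that is not taken from the Jeesns source. The class name, the keyword list and the underscore-appending behaviour are assumptions standing in for the filter described above; the two input strings are the ones quoted on this page.

```java
import java.util.regex.Pattern;

public class WeiboXssDemo {
    // Hypothetical keyword blacklist (assumption, not the Jeesns source):
    // listed words are defused by appending an underscore.
    private static final Pattern BLACKLIST = Pattern.compile(
            "(javascript|script|onerror|onload|alert)", Pattern.CASE_INSENSITIVE);

    static String blacklistFilter(String input) {
        return BLACKLIST.matcher(input).replaceAll("$1_");
    }

    // Output encoding for HTML text and quoted attribute contexts: every
    // markup metacharacter becomes an entity, whatever the payload spells.
    static String escapeHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Both inputs are the strings quoted on this page.
        String plain = "<script>alert(\"XSS\")</script>";
        String wrapped = "<object data=data:text/html;base64,"
                + "PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=>";
        for (String input : new String[] {plain, wrapped}) {
            String filtered = blacklistFilter(input);
            String escaped = escapeHtml(input);
            System.out.println("input     : " + input);
            System.out.println("blacklist : " + filtered
                    + (filtered.equals(input) ? "   <-- unchanged" : ""));
            System.out.println("escaped   : " + escaped);
            // The encoded form must never contain a raw tag delimiter.
            if (escaped.indexOf('<') >= 0 || escaped.indexOf('>') >= 0) {
                throw new IllegalStateException("raw markup survived encoding");
            }
        }
    }
}
```

If weibo posts must keep some markup, an allowlist HTML sanitizer is the alternative to encoding everything; extending the keyword list does not close the gap, because the Base64 body contains none of the listed words.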
