CVE-2022-28920: Possible XSS vulnerability · Issue #156 · MoeNetwork/Tieba-Cloud-Sign
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.
Possible XSS vulnerability #156
Open
enferas opened this issue
Apr 6, 2022
· 3 comments
Comments
Hello,
I would like to report an XSS vulnerability.
In file https://github.com/MoeNetwork/Tieba-Cloud-Sign/blob/master/templates/control.php line 53.
case 'setplug': $plug = strip_tags($_GET['plug']); $pluginfo = getPluginInfo($plug);
Then, there is an echo in line 62.
echo '<a href="'.$pluginfo['plugin']['url'].'" target="_blank">';
strip_tags is not secure in this case. If you look at this code example, the alert will be shown when you click the link.
<?php $x = "'javascript:alert()'"; $y = strip_tags($x); echo "<a href=$y>ClickMe</a>";
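As an added example (not code from the report above or from the Tieba-Cloud-Sign project), the following standalone PHP script shows why strip_tags() cannot protect a value that is placed inside an href attribute, and what a fix for that context looks like: an allowlist on the URL scheme, then htmlspecialchars() for the attribute context. The sample URLs and the helper names unsafe_link() and safe_link() are constructed for illustration and do not exist in the project.

```php
<?php
// Added example, not part of the Tieba-Cloud-Sign code base.
// Demonstrates that strip_tags() is the wrong tool for an href attribute
// and shows a context-appropriate fix.

// Constructed sample values, standing in for what a plugin's 'url' field could carry.
$samples = [
    'https://example.com/plugin',                      // harmless
    'javascript:alert(document.domain)',              // script scheme, no tags to strip
    'https://example.com/" onmouseover="alert(1)',    // breaks out of the quoted attribute
    'JaVaScRiPt:alert(1)',                            // mixed-case scheme
];

// The pattern from the report: strip_tags() only removes <...> markup.
// None of the samples contains a tag, so each one reaches the attribute unchanged.
function unsafe_link(string $url): string {
    return '<a href="' . strip_tags($url) . '" target="_blank">';
}

// Hardened version (hypothetical helper): accept only http/https URLs, then encode
// quotes and angle brackets so the value cannot leave the attribute context.
function safe_link(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])) {
        return null;                               // relative or unparsable: reject
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                               // javascript:, data:, etc. rejected
    }
    $encoded = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $encoded . '" target="_blank" rel="noopener">';
}

foreach ($samples as $url) {
    echo "input:  $url\n";
    echo "unsafe: " . unsafe_link($url) . "\n";
    echo "safe:   " . (safe_link($url) ?? '(rejected)') . "\n\n";
}
```

Running the script shows the two halves of the fix: the scheme check drops both javascript: samples, and for the attribute-breakout sample htmlspecialchars() turns the embedded quote into `&quot;`, so the browser treats the whole value as a single URL rather than as a new event-handler attribute.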
if (ROLE != 'admin') msg('权限不足!');
if (!file_exists($path . $plugin . '.php')) {
return false;
}
This is not as serious a vulnerability as you might think: we set up a permission check earlier that blocks access by non-admin users, and in addition the file-existence check ensures that non-existent plugins are not loaded. So two conditions are required to trigger this vulnerability:
- The user is an administrator
- A plugin with a malicious URL is used
Thank you for your feedback, we will fix it later.
translated by deepl.com
n0099 (Collaborator) commented May 16, 2022
A polite question: how good is deepl.com at Chinese-to-English and English-to-Chinese translation?
You have already seen it.