Open Hebing123 opened 5 months ago
A reflected XSS vulnerability was discovered in lylme_spage v1.9.5 on the admin/link.php.
https://github.com/LyLme/lylme_spage/blob/b7c430a49e8b247ddb04401b1176157c10d52948/admin/link.php#L71-L77
The vulnerability stems from the lack of filtering or encoding of the $id parameter, allowing an attacker to inject arbitrary HTML and JavaScript code into a link.php page.
The POC demonstrates that by inserting a specially crafted <a> tag into the URL, an attacker can cause an alert box to appear showing the document's cookies when the link is clicked, evidencing the execution of JavaScript.
http://your-ip/apply/index.php?url=%3Ca%20href%3D%26%23x6a%3B%26%23x61%3B%26%23x76%3B%26%23x61%3B%26%23x73%3B%26%23x63%3B%26%23x72%3B%26%23x69%3B%26%23x70%3B%26%23x74%3B%26%23x3a%3B%26%23x61%3B%26%23x6c%3B%26%23x65%3B%26%23x72%3B%26%23x74%3B%26%23x28%3B%26%23x64%3B%26%23x6f%3B%26%23x63%3B%26%23x75%3B%26%23x6d%3B%26%23x65%3B%26%23x6e%3B%26%23x74%3B%26%23x2e%3B%26%23x63%3B%26%23x6f%3B%26%23x6f%3B%26%23x6b%3B%26%23x69%3B%26%23x65%3B%26%23x29%3B%3Elink
CVE-2024-36674
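The report attributes the issue to a request parameter that is reflected without filtering or encoding. The following is an added example, not code from lylme_spage or from the reporter, showing how each output context can be handled in PHP; the function names and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Added illustration only: parse_id(), h() and safe_href() are hypothetical helpers.
// Unsafe pattern being replaced: writing a request parameter straight into the page.

// Context 1: a value that should be a numeric id. Validate the type and
// reject everything else instead of trying to strip dangerous characters.
function parse_id(?string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Context 2: free text reflected into HTML. Encode at output time so that
// markup characters are rendered as text, quotes included.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Context 3: a value used as a link target. HTML encoding alone does not
// stop javascript: URLs, so allow only http and https, then encode.
function safe_href(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return h($url);
}

// Constructed sample with the same shape as the reported input: an anchor
// tag whose href scheme is partly written as an HTML character reference.
$sample = '<a href=&#x6a;avascript:void(0)>link';

var_dump(parse_id($sample));          // not an integer, so it is rejected
var_dump(parse_id('42'));             // a well-formed id is accepted
echo h($sample), PHP_EOL;             // tag and entity are shown as plain text
var_dump(safe_href('javascript:void(0)'));            // scheme not allowed
var_dump(safe_href('https://example.com/?a=1&b=2'));  // allowed and encoded
```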