PHPCMS-stored XSS (available)

Source: Internet
Author: User

A stored XSS vulnerability exists in PHPCMS because user input is not properly processed.

Cause of vulnerability: when posting an article, the content of the article title is not filtered, resulting in an XSS vulnerability.

Condition for exploits: You must have the permission to post an article.

Default PHPCMS permissions: PHPCMS has multiple roles by default, and different roles should have corresponding permissions. To successfully exploit this vulnerability, you must have the permission to post an article.



Test version: PHPCMS V9.3.2. Other versions are not tested.

Note: To successfully exploit this vulnerability, you must first obtain an account with the permission to post an article and the corresponding password. Because it is a test, I have created a low-permission account named xsstest, which has the permission to publish articles.

Vulnerability test process 1:

Vulnerability exploitation code: </a> <script> alert (document. cookie) </script>

1. log on to the background with xsstest, publish an article, and insert the XSS test code in the article title, such:



2. Select the check box before "website top recommendation" in the recommendation position, for example:



3. the last article is published. accessing any page of the website will trigger the vulnerability.



Vulnerability test process 2:

Vulnerability exploitation code: "/onmouseover = alert (/xss1 /)//

In addition to closing the <a> tag to trigger a vulnerability, you can also trigger the vulnerability elsewhere. For example:





 

Solution:

Filter user input headers in Input and Output

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.