A stored XSS vulnerability exists in PHPCMS because user input is not properly processed.
Cause of vulnerability: when posting an article, the content of the article title is not filtered, resulting in an XSS vulnerability.
Conditions for exploitation: you must have permission to post an article.
Default PHPCMS permissions: PHPCMS ships with multiple roles by default, each with its own set of permissions. To exploit this vulnerability successfully, the account used must have permission to post an article.
Test version: PHPCMS V9.3.2. Other versions are not tested.
Note: To successfully exploit this vulnerability, you must first obtain an account with the permission to post an article and the corresponding password. Because it is a test, I have created a low-permission account named xsstest, which has the permission to publish articles.
Vulnerability test process 1:
Vulnerability exploitation code: </a><script>alert(document.cookie)</script>
1. Log in to the admin backend as xsstest, publish an article, and insert the XSS test code into the article title, for example:
2. Select the check box before "website top recommendation" in the recommendation position, for example:
3. Finally, publish the article. Accessing any page of the website then triggers the vulnerability.
Vulnerability test process 2:
Vulnerability exploitation code: "/onmouseover=alert(/xss1/)//
In addition to closing the <a> tag, the vulnerability can also be triggered from inside the tag's attributes, for example:
Solution:
Filter the user-supplied article title on both input and output.
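The following PHP snippet is an added example, not code from this advisory or from PHPCMS. It shows the output-side half of the fix: the title is HTML-escaped when rendered, so the two payloads quoted above become inert text. The template shape (title printed as an anchor's text and in its title="" attribute) and the helper names are assumptions.

```php
<?php
// Added example, not code from the advisory or from PHPCMS: the output-side
// half of the fix. The article title is HTML-escaped when rendered, so the
// two payloads quoted in this advisory become inert text. Assumed template
// shape: the title is printed as an anchor's text and in its title="" attribute.

function escape_title(string $title): string
{
    // ENT_QUOTES escapes both " and ' (the second payload relies on a stray
    // quote); ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the value.
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-in for one entry of a "website top recommendation" block.
function render_recommended_link(string $url, string $title): string
{
    $safeTitle = escape_title($title);
    $safeUrl   = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safeUrl . '" title="' . $safeTitle . '">' . $safeTitle . '</a>';
}

// True when the escaped title can neither close a tag nor break out of an attribute.
function title_is_inert(string $title): bool
{
    return preg_match('/[<>"\']/', escape_title($title)) === 0;
}

// The two payloads from this advisory, used here as constructed test input.
$payloads = [
    '</a><script>alert(document.cookie)</script>',
    '"/onmouseover=alert(/xss1/)//',
];

foreach ($payloads as $p) {
    $status = title_is_inert($p) ? 'inert ' : 'UNSAFE';
    echo $status, ' ', render_recommended_link('/article/1', $p), PHP_EOL;
}
```

Both lines print as "inert": the first payload's tags are emitted as &lt;/a&gt;&lt;script&gt;..., and the second payload's leading quote becomes &quot;, so it can no longer terminate the title="" attribute.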