4 Exploitable context-sensitive XSS flaws in jeesite4

Question

4 Exploitable context-sensitive XSS flaws in jeesite4

asteinhauser opened this issue 6 years ago · 7 comments

asteinhauser commented 6 years ago

Please, see 4 videos with concrete exploitations in the attachment.
jeesite.zip

Answer 1 · 2018-11-08T04:08:28.000Z

thank you very much!
you must config you service IEncoding="utf-8" URIEncoding="utf-8"

and check you file encoding.

eg.

Answer 2 · 2018-11-08T04:08:50.000Z

<Connector IEncoding="utf-8" URIEncoding="utf-8" compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain,application/json,text/json" compression="on" compressionMinSize="100" connectionTimeout="20000" noCompressionUserAgents="gozilla, traviata" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>

Answer 3 · 2018-11-08T04:10:09.000Z

XSS flaws in jeesite4

We will try to deal with recently

Answer 4 · 2018-11-08T04:12:48.000Z

Thanks for the info about encoding. However, the 4 vulnerabilities are independent of encoding. They are verifiable directly on your demo instance after logging in as system:admin - e.g.:
http://demo.jeesite.com/js/a/gen/genTable/form?tableName=%27;alert(342);var%20x=%27

Answer 5 · 2018-11-08T04:14:43.000Z

We have filtered some XXS aggression, we'll try to deal with this kind of behavior under, thank you very much

Answer 6 · 2018-11-08T04:54:09.000Z

@asteinhauser Thank you very much for your feedback, we will fix this problem in v4.1.1.

Answer 7 · 2018-11-16T06:51:27.000Z

Fifth one just for the sake of completeness. This one is persistent:
jeesite5.zip