CVE-2022-41472: 74cmsSE Storage cross site scripting vulnerability(XSS) · Issue #1 · xxhzz1/74cmsSE-Storage-cross-site-scripting-vulnerability
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
Vulnerability Name: Storage cross site scripting vulnerability(XSS)
Date of Discovery: 23/9/2022
Product version: 74cmsSEv3.12.0
Download link: https://www.74cms.com/download/detail/89.html
Author: xxhzz
Vulnerability Description:
Add a bulletin in the background of 74cmsSE v3.12.0. Insert the XSS payload into the header to store and trigger the XSS.
Proof:
1. In the background of the website, add a bulletin and insert the payload in the header
payload: {{$on.constructor('alert(1)')()}}
2. Check the parameter and find title
3. Save success
4. Click the title to trigger the XSS successfully
code:
Position: \74cmsSEv3.12.0\upload\application\apiadmin\controller\Notice.php
Checking the XSS parameter filtering mechanism shows that it escapes only the angle brackets.
I am using AngularJS sandbox escapes reflected. Therefore, the storage XSS vulnerability was successfully triggered.
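
The filtering gap described above, as an added example that is not code from 74cmsSE or from the report's author: a filter that escapes only angle brackets leaves a template expression untouched, while a check that also looks for template delimiters rejects it. The function names, the `validateTitle` check and the sample titles are assumptions constructed for illustration.

```javascript
// Added example: names and sample titles are constructed, not taken from 74cmsSE.

// Models the behaviour the report describes: only angle brackets are escaped.
function escapeAngleOnly(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Encode every HTML-significant character for an HTML text or attribute context.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Client-side template delimiters. Entity-encoding the braces does not help when
// the page markup is compiled as a template, because the browser decodes entities
// before the template engine reads the DOM, so such input is rejected instead.
const TEMPLATE_DELIMITER = /\{\{|\}\}/;

// Hypothetical server-side check for the Title field.
function validateTitle(raw) {
  if (typeof raw !== "string" || raw.trim() === "") {
    return { ok: false, reason: "empty" };
  }
  if (TEMPLATE_DELIMITER.test(raw)) {
    return { ok: false, reason: "template-delimiter" };
  }
  return { ok: true, value: escapeHtml(raw.trim()) };
}

// Constructed inputs: a tag-based title, the expression from the report, a benign title.
const samples = [
  "<b>Maintenance</b>",
  "{{$on.constructor('alert(1)')()}}",
  "Site maintenance on Friday",
];

// For each sample: did the angle-bracket filter change it, and does the check accept it?
function report() {
  return samples.map((title) => ({
    title,
    changedByAngleFilter: escapeAngleOnly(title) !== title,
    accepted: validateTitle(title).ok,
  }));
}

console.log(report());
```

Rejecting delimiters on input is one layer; rendering stored titles in a non-compiled context (for example an element marked `ng-non-bindable` in AngularJS) addresses the same problem on output.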