Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Valid

Reported on

Sep 14th 2021


Description

Stored XSS via the Data name field

Proof of Concept

1. First go to https://v6.thinkadmin.top/admin.html#/admin/base.html?type=datea&spm=m-2-4-8, edit a data entry and put the XSS payload below in the Data name field.

xss"'><img src=x onerror=alert(document.domain)>

Now see that the XSS is executed.

VIDEO

https://drive.google.com/file/d/1_SwUpjNFjkmlPib8FxcVRYOWX6OASYn8/view?usp=sharing

Impact

Stored XSS
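As an added illustration (not code from ThinkAdmin or ThinkLibrary, and not the actual fix in PageHelper.php), the snippet below renders the report's payload the way a vulnerable admin view would, next to a version that encodes the value for its HTML context; the record and the render functions are constructed for this example.

```php
<?php
// Added example, not project code: contrasts raw concatenation of the saved
// "Data name" with context-aware HTML encoding. The payload is the one from
// the PoC above; everything else is constructed for illustration.
declare(strict_types=1);

// Constructed record, as it would be stored after submitting the admin form.
$record = ['name' => 'xss"\'><img src=x onerror=alert(document.domain)>'];

// Vulnerable pattern: the stored value is concatenated straight into an
// attribute and into element text, so the quotes and "<" become markup.
function renderUnsafe(array $row): string
{
    return '<input class="form-control" value="' . $row['name'] . '">'
         . '<td>' . $row['name'] . '</td>';
}

// Hardened pattern: encode for HTML output. ENT_QUOTES matters here because
// the payload carries both " and ' to break out of either quoting style.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderSafe(array $row): string
{
    return '<input class="form-control" value="' . esc($row['name']) . '">'
         . '<td>' . esc($row['name']) . '</td>';
}

// Defender-side check: user data must never introduce a new element.
// Encoded output still contains the text "<img", but only as "&lt;img".
function introducesTag(string $html, string $tag): bool
{
    return stripos($html, '<' . $tag) !== false;
}

foreach (['renderUnsafe', 'renderSafe'] as $fn) {
    $html = $fn($record);
    printf("%-12s introduces <img>: %s\n", $fn, introducesTag($html, 'img') ? 'yes' : 'no');
}
echo renderSafe($record), PHP_EOL;
```

The same encoding must be applied at the point of output for every context the name reaches (HTML text, attributes, and separately JavaScript if it is ever emitted into a script block), not only on input.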

We have contacted a member of the zoujingli/thinkadmin team and are waiting to hear back 2 years ago
邹景立 validated this vulnerability 2 years ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
邹景立 marked this as fixed with commit 307071 2 years ago
邹景立 has been awarded the fix bounty
This vulnerability will not receive a CVE
邹景立
2 years ago

Maintainer


Use composer to update the thinklibrary component.

https://github.com/zoujingli/ThinkLibrary/blob/v6.0/src/helper/PageHelper.php#L117

邹景立
2 years ago

Maintainer


https://github.com/zoujingli/ThinkAdmin#%E9%97%AE%E9%A2%98%E4%BF%AE%E5%A4%8D
