0%

Typecho V1.2.0 Backend DOM-Based XSS

发表于 2023-02-21 分类于 Vulnerability

Typecho-V1.2.0 with Backend DOM-Based Cross-Site Scripting in backend /admin/write-post.php when creating new or editing existed post.

Description

Typecho admin backend post editor with DOM-based XSS when adding a new post tag.

Affected Version

Typecho <= 1.2.0

POC

Login to admin backend management system.
Create a new or edit an existed post, in admin/write-post.php add a new tag.
If the new tag name contains the XSS payload, e.g. <li><p>aaa<a>test</a></p></li>, it will be injected into a <li> html tag.

1	<li><p>aaa<img src=x onerror=alert(1)>aaa</p></li>

Reference

Github Issue

Reported by Srpopty, vulnerability discovered by using Corax.