CVE-2022-3992 PoC — Sanitization Management System 跨站脚本漏洞

Source

https://github.com/Urban4/CVE-2022-3992

Associated Vulnerability

Title:Sanitization Management System 跨站脚本漏洞 (CVE-2022-3992)
Description:Sanitization Management System是Carlo Montero个人开发者的一个消毒管理系统。 Sanitization Management System 存在安全漏洞，该漏洞源于组件the file admin/?page=system_inf的一些未知功能，攻击者利用该漏洞可以通过操作参数 q 导致跨站脚本。

Description

Cross Site Scripting on sanitization-management-system

Readme

# CVE-2022-3992
Cross-Site Scripting in WonderCMS

Description: A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0 allows potential attackers to upload arbitrary files via a crafted name into the system logo Fields of the System Info Fields. The cookie has no HttpOnly Flag this could be used to steal the cookies of logged-in users.
How To Reproduce:
<img width="1440" alt="Screen Shot 2022-11-19 at 12 25 34 PM" src="https://user-images.githubusercontent.com/81638590/202848956-49ec4e04-1ade-4ddb-90e3-2a835a764a53.png">
<img width="1403" alt="Screen Shot 2022-11-19 at 12 27 18 PM" src="https://user-images.githubusercontent.com/81638590/202848980-b38c9704-4cd3-462e-8215-4a7364a8c6ba.png">
<img width="1435" alt="Screen Shot 2022-11-19 at 12 31 03 PM" src="https://user-images.githubusercontent.com/81638590/202848992-b14918ba-53d6-43a5-b9c1-3da49069785d.png">

File Snapshot


 [4.0K]  /data/pocs/1df62d284ca4a0dbea48cbee443fb0bffb3cdcaf
└── [ 896]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!