Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-20717 PoC — Ec-cube 跨站脚本漏洞

Source
https://github.com/s-index/CVE-2021-20717
Associated Vulnerability
Title:Ec-cube 跨站脚本漏洞 (CVE-2021-20717)
Description:Ec-cube是日本Ec-cube公司的一套开源的电子商务系统。 EC-CUBE 4.0.0至4.0.5版本存在跨站脚本漏洞。该漏洞源于程序允许远程攻击者将特制脚本注入使用EC-CUBE创建的EC网站的特定输入字段中,并导致任意代码执行。
Description
CVE-2021-20717-EC-CUBE-XSS
Readme
# CVE-2021-20717-EC-CUBE-XSS

## NVD Description

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser.

## Set Up

1. Clone EC Cube

```
git clone https://github.com/EC-CUBE/ec-cube.git -b 4.0.5
```

2. Docker Build

```
docker build -t eccube4-php-apache .
```

3. Docker Run

```
docker run --name ec-cube -p "8080:80" -p "4430:443" eccube4-php-apache
```

## Reproduce

### User

http://localhost:8080

1. Add to Cart & Proceed to Checkout

2. Inject Script to Inquiry Form

![Inject Script to Inquiry Form](https://user-images.githubusercontent.com/56715563/120063116-8e527100-c0a0-11eb-8ba9-aff86d8a4ca1.png)

3. Complete Purchase

### Admin

http://localhost:8080/admin/login

1. Login admin:password

2. Open Order List Page

3. Click (Malicious) Order

4. Click Create Mail Button

5. Select Template

6. Click Confirm Mail Button

![Click Confirm Mail Button](https://user-images.githubusercontent.com/56715563/120063179-e8533680-c0a0-11eb-8479-18fb43db7f1e.png)

## Fixed Commit

https://github.com/EC-CUBE/ec-cube/commit/9bae20f070acfe0b84451bc1e082c699ac197faf
File Snapshot

 [4.0K]  /data/pocs/254d0ab4f9f43102f66ccfd555e93be029e6fbdd
└── [1.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.