关联漏洞
标题:Bootstrap 跨站脚本漏洞 (CVE-2018-14041)Description:Bootstrap是一款使用HTML、CSS和JavaScript开发的开源Web前端框架。 Bootstrap 4.1.2之前版本中的scrollspy的data-target属性存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
Description
Vulnearability Report of the New Jersey official site
介绍
# https-nj.gov---CVE-2018-14041
#### Vulnearability Report of the New Jersey official site
The data-target attribute is vulnerable to Cross-Site Scripting attacks.
`<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>`
`<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>`
`<button data-toggle="collapse" data-target="<img src=x onerror=alert(0)>">Test</button> `
# RECOMMENDATION
The fix for this specific issue could be changing getTargetFromTrigger function.
`return $(target)`
to:
`return $(document.querySelector(target))`
but it seems the same problem is present in other places too.
Here is another example:
`<a href="<img src=x onerror=alert(0)>" data-dismiss="alert">Test</a>`
# REFERENCES
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
https://access.redhat.com/errata/RHSA-2019:1456
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26627
https://github.com/twbs/bootstrap/pull/26630
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
https://seclists.org/bugtraq/2019/May/18
https://www.oracle.com/security-alerts/cpuApr2021.html
文件快照
[4.0K] /data/pocs/dd7b6b84347a0a247b4aa03ecd01d621b503ca1e
└── [2.0K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。