A xss vulnerability in RGCMS V1.06

Vulnerability Information


There is a xss vulnerability in message borad(front-end) in RGCMS V1.06.Through this vulnerabilty,we can get admin cookie and login in back-stage management with rights of admin.


1.Attack Vector:Network
2.Attack Complexity: Low
3.Privileges Required: Low, just leave a message in the message borad without login
4.User Interaction: Needed, admin should check the message board
5.Confidentiality: High
6.Integrity: High
7.Availability: High


1.This is the homepage of RGCMS V1.06

2.click “在线留言” and goto the message borad,and then fill the borad with <script>alert("xss_detect")</script> in the name field

3.And then,login in admin.php with admin account to check the if the xss can take effect.Follow the step in the follow jpg

4.Click “在线留言”, and we can verify the xss

5.We can use developer tools(F12) to do further check.As shown in the figure,the XSS vulnerabilities are real