Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
png
readme.md

readme.md

PHPMyWind has Reflected Cross-Site Scripting Vulnerability Description


Testing Target

Abstract

An issue was discovered in PHPMyWind 5.5. The method parameter of the connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.

Concept

  1. We download the latest version from the official website and build default environment.

  2. View connect.php source code and find the method parameter of line 27 is not filtered, it will cause XSS vulnerabilities.

  3. Now we insert XSS payload after the method parameter.

  • <svg onload=confirm(1)>
  1. That's a great result.
You can’t perform that action at this time.