SIDU has Stored Cross-Site Scripting (XSS) Vulnerability Description
- Author: YUNG-HAO TSENG, Eddie TC CHANG, YU-HSIANG HUANG
- Contact: 0xuhaw@gmail.com; eddietcchang@gmail.com; huang.yuhsiang.phone@gmail.com
Testing Target
- Product:SIDU
- Version:6.0
- Official Website:http://topnew.net/sidu
- Affect:All Version <= 6.0
Abstract
We discovered the database name is not strictly filtered, the attacker can insert the name containing XSS Payload, that cause the vulnerability of stored xss occur.




