
Stored XSS in zzcms2020 user information

Position

In zzcms2020/user/manage.php line 100

The content parameter here is user-controllable. The program does no processing on it, stores it in the database, and later outputs the data on the My exhibition hall (我的展厅) page.

POC && Vulnerability exploitation

POC


aaaaaaaaxss"/><img onerror="alert(1)" src="#" />aaaaaaaaaaa

Vulnerability exploitation

Open the zzcms2020/user/manage.php page and insert the PoC

Then open the My exhibition hall (我的展厅) page again
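
Mitigation sketch, added here as an example and not taken from the zzcms code base: encode the stored content value when it is written into the page, and scan existing rows for markup saved before the fix. The function names and the sample rows are hypothetical; row 2 is the PoC string from this report.

```php
<?php
// Added example, not zzcms code. Function names and sample rows are hypothetical.

// Encode stored profile text at output time so any markup is rendered as text.
// ENT_QUOTES also covers the case where the value lands inside an attribute.
function render_content(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Flag rows already in the database that contain tags or inline event handlers,
// so records written before the fix can be reviewed and cleaned.
function looks_like_markup(string $stored): bool
{
    // Decode first: a payload may have been stored with entities such as &gt;.
    $decoded = html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return preg_match('/<\s*[a-z!\/]|\bon[a-z]+\s*=/i', $decoded) === 1;
}

// Constructed sample rows: id => content. Row 2 is the PoC string from this report.
$rows = [
    1 => 'We make industrial valves & fittings.',
    2 => 'aaaaaaaaxss"/><img onerror="alert(1)" src="#" />aaaaaaaaaaa',
];

foreach ($rows as $id => $content) {
    printf("row %d suspicious=%s\n", $id, looks_like_markup($content) ? 'yes' : 'no');
    printf("  html: <div class=\"content\">%s</div>\n", render_content($content));
}
```

If the content field is meant to carry formatted text, plain encoding will show the tags literally; in that case an allow-list HTML sanitizer is the appropriate control instead.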
