
UCMS_v1.6.0 is vulnerable to stored cross-site scripting (XSS)

Vendor: http://uuu.la/

Download link for UCMS-1.6 installation package: http://uuu.la/uploadfile/file/ucms_1.6.zip

1. Log in to the admin backend and click site management, then click Import column.

2. Configure the parameters according to the picture, then click Submit.

[Screenshot: import parameter configuration]

3. Continue and click OK to import.

4. Next, add the following after the column name:

666<script>alert(document.cookie)</script>

5. View the submitted content. The XSS code is triggered successfully and a pop-up shows the sensitive cookie information.

6. The pop-up appears for any user who visits the home page. If the user is logged in, their cookie value is disclosed directly.

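The fix for the behaviour in steps 4 to 6 is to encode the stored column name when it is written into the page and to keep the session cookie out of reach of `document.cookie`. The following is an added example, not UCMS source code; the function names and the `$columns` sample data are hypothetical, and the `secure` flag assumes the site is served over HTTPS.

```php
<?php
// Added illustration, not UCMS code. All names below are hypothetical.

// Constructed sample: column names as read back from storage,
// including the value entered in step 4 of the report.
$columns = [
    'News',
    '666<script>alert(document.cookie)</script>',
];

// Vulnerable pattern: the stored name is concatenated into HTML unchanged,
// so the browser parses the <script> element on every home page view.
function render_nav_unsafe(array $columns): string
{
    $html = "<ul>\n";
    foreach ($columns as $name) {
        $html .= '  <li>' . $name . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode for the HTML context at output time, so the
// name is displayed as text whatever was stored at import.
function render_nav_safe(array $columns): string
{
    $html = "<ul>\n";
    foreach ($columns as $name) {
        $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '  <li>' . $encoded . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Defence in depth for step 6: an HttpOnly session cookie is not exposed
// to script, so it does not appear in document.cookie.
// Must be called before session_start().
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumption: site is served over HTTPS
    'samesite' => 'Lax',
]);

echo "Unsafe output:\n", render_nav_unsafe($columns), "\n";
echo "Encoded output:\n", render_nav_safe($columns);
```

In the encoded output the second list item contains `&lt;script&gt;` rather than a script element, so the column name renders as visible text on the home page.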