vendor: http://uuu.la/
Download link for UCMS-1.6 installation package: http://uuu.la/uploadfile/file/ucms_1.6.zip
1.Enter the background and click site management,Next, click Import column。
2.Configure parameters according to the picture. Click Submit after configuration
3.Continue, click OK to import
4.Next. Add after the column name:
666<script>alert(document.cookie)</script>
5.Check the submitted content, successfully trigger XSS attack code, pop-up cookie sensitive information
6.Any user visiting the home page will pop up. If he has logged in, the cookie value will be directly disclosed