XSS vulnerability #503
Hi, man. I found a Cross-Site Scripting vulnerability in the user center.
First, my test environment:
OS: macOS 10.12.6
I built a program with Symphony.
Location: /admin/user/userid
Exploit method:
1. Need an account
3. Log in to your account based on the above steps
4. If the admin edits your user info, the attack is triggered.
This vulnerability can get the administrator's cookie. The hazard can be imagined.