Account avatar link exists XSS vulnerability too. #504
Hi, man. I hope you can learn by analogy.
There is an XSS vulnerability in the account avatar link.
I can enter an XSS payload
My test environment
OS: macOS 10.12.6
First packet info:
Second packet info:
When I analyzed the second packet, I knew the process of uploading the avatar.
So, I just needed to test the second packet. I changed the value of the JSON parameter