Skip to content

DolphinPHP v1.5.1 has a vulnerability, Stored Cross Site Scripting(XSS) #42

Closed
@zhangzhijie98

Description

version:1.5.1
Vulnerability location:Background - > System - > system function - > configuration management.
image
image
Add a new configuration,and insert payload in the configuration title
payload: t"><img src=x onerror=alert(1)>
image
Save and refresh the page. Pop up window.
image
payload: <img src=x onerror=alert("xss")>
image
image
When you visit this page, a pop-up window will pop up.

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions