Skip to content
This repository has been archived by the owner. It is now read-only.

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_name #61

Open
fakerrr opened this Issue Jan 10, 2019 · 0 comments

Comments

Projects
None yet
1 participant
@fakerrr
Copy link

fakerrr commented Jan 10, 2019

1、Login the backstage
http://127.0.0.1/admin/index.php

2、Go to System setting->site setting
image

3、add the following payload to the first textbox,and submit。
payload:site_name=DiliCMS'"/></script><script>alert(1)</script>
image
And then Stored-XSS triggered

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.