Skip to content
This repository has been archived by the owner. It is now read-only.

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_domain #62

fakerrr opened this Issue Jan 10, 2019 · 0 comments


None yet
1 participant
Copy link

fakerrr commented Jan 10, 2019

1、Login the backstage

2、Go to System setting->site setting

3、add the following payload to the second textbox,and submit。
payload:site_domain=" onmouseover="alert(1)
And move your mouse on the second textbook ,then Stored-XSS triggered

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.