Skip to content
This repository has been archived by the owner. It is now read-only.

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_logo #63

fakerrr opened this Issue Jan 10, 2019 · 0 comments


None yet
1 participant
Copy link

fakerrr commented Jan 10, 2019

1、Login the backstage

2、Go to System setting->site setting

3、add the following payload to the third textbox,and submit。
payload:site_logo=images/logo.gif" onmouseover="alert(1)
And move your mouse on the third textbook ,then Stored-XSS triggered

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.