Stored XSS exists in system settings
1. Write the payload in the information at the bottom of the homepage
2. The vulnerability can be triggered when viewing article content on the home page
Burp Suite packet capture analysis: the payload is located in the footer_info parameter
Code: at line 154 in admin/setting, footer_info is accepted when the parameter is save
The filtering function is postStrVar(), located at line 19 of input.php. It strictly filters the input characters, leading to stored XSS attacks.
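A render-side mitigation for the issue reported above, as an added example that is not part of the original report or the project's code. It assumes the stored footer_info value is echoed into the page template; the function names and sample values are hypothetical.

```php
<?php
// Added example, not the project's code. Function names are hypothetical.

// Plain-text footer: encode at output so stored markup is displayed as text
// instead of being parsed by the browser.
function footer_as_text(string $footerInfo): string
{
    return htmlspecialchars($footerInfo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Footer with limited formatting: encode everything first, then restore only
// an allowlist of attribute-free tags. Tags that carry attributes (including
// event handlers) never match the pattern and therefore stay encoded.
function footer_with_basic_markup(string $footerInfo): string
{
    $encoded = footer_as_text($footerInfo);
    $restored = preg_replace('#&lt;(/?)(b|i|em|strong)&gt;#i', '<$1$2>', $encoded);
    // preg_replace returns null on a regex engine error; fall back to the
    // fully encoded string in that case.
    return $restored ?? $encoded;
}

// Constructed sample values for footer_info as they might sit in storage.
$samples = [
    'Copyright 2024 <b>Example Blog</b>',
    'Footer <script>alert(1)</script>',
    '<b onmouseover="alert(1)">hover</b>',
];

foreach ($samples as $stored) {
    echo footer_with_basic_markup($stored), PHP_EOL;
}
```

Encoding at render time protects every page that prints the footer, regardless of how the value reached storage.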