Execute malicious javascript code by modifying the name of the uploaded image to close the html tag or adding the onerror attribute. yes: no:
detailed steps:
After publishing a blog with uploaded pictures, click "Edit Blog Entry" to enter the modification page, open Burp Suit and then directly click "save", modify the content of image[file] in the request packet in Burp Suit as the attack code payload:"onerror="alert(/xss/) Any member browses the blog page:
The text was updated successfully, but these errors were encountered:
Affected pages: xxxxx/blog/
Execute malicious javascript code by modifying the name of the uploaded image to close the html tag or adding the onerror attribute.


yes:
no:
detailed steps:


After publishing a blog with uploaded pictures, click "Edit Blog Entry" to enter the modification page, open Burp Suit and then directly click "save", modify the content of image[file] in the request packet in Burp Suit as the attack code
payload:"onerror="alert(/xss/)
Any member browses the blog page:
The text was updated successfully, but these errors were encountered: