metinfo 6.0 XSS Vulnerability #1

learnsec6 opened this issue Apr 10, 2018 · 2 comments


@learnsec6
Owner

There is an XSS vulnerability on the front page that can attack the administrator.
POC:
First: download the latest version of metinfo from https://www.metinfo.cn/download/
Second: inject XSS in the feedback page, and then submit it to the administrator.
Last: when the administrator logs in to the website and checks the feedback message, the XSS will be touched off.

@dkive

dkive commented Apr 17, 2018

Garbage

@sqlsec

sqlsec commented Jul 29, 2018

@dkive Whatever exists is reasonable. High-end vulnerabilities are all built up bit by bit.
