After logging in to the management page using the ADMIN account, you can insert the JAVASCRIPT code in multiple editable places and affect the home page display.
Take /PHPMYWIND/admin/infoclass.php as an example
Step.1
open page PHPMYWIND/admin/login.php login use admin accont
Step.2
open page /PHPMYWIND/admin/infoclass_update.php?id=1
Step.3
Enter <img/src=x onerror=alert(1)> at the title and Click submit
Step.4
refresh /admin/infoclass.php
Javascript code is executed
Other vulnerable page steps are consistent with the above ,then not described one by one.
The background of the website application is not protected.
The text was updated successfully, but these errors were encountered:
After logging in to the management page using the ADMIN account, you can insert the JAVASCRIPT code in multiple editable places and affect the home page display.
Take /PHPMYWIND/admin/infoclass.php as an example
Step.1

open page PHPMYWIND/admin/login.php login use admin accont
Step.2

open page /PHPMYWIND/admin/infoclass_update.php?id=1
Step.3

Enter <img/src=x onerror=alert(1)> at the title and Click submit
Step.4
refresh /admin/infoclass.php
Javascript code is executed
Other vulnerable page steps are consistent with the above ,then not described one by one.
The background of the website application is not protected.
The text was updated successfully, but these errors were encountered: