Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PHPMYWIND CMS XSS #1

Open
lolipop1234 opened this issue Sep 5, 2019 · 0 comments
Open

PHPMYWIND CMS XSS #1

lolipop1234 opened this issue Sep 5, 2019 · 0 comments

Comments

@lolipop1234
Copy link
Owner

lolipop1234 commented Sep 5, 2019

After logging in to the management page using the ADMIN account, you can insert the JAVASCRIPT code in multiple editable places and affect the home page display.

Take /PHPMYWIND/admin/infoclass.php as an example

Step.1
open page PHPMYWIND/admin/login.php login use admin accont
image

Step.2
open page /PHPMYWIND/admin/infoclass_update.php?id=1
image

Step.3
Enter <img/src=x onerror=alert(1)> at the title and Click submit
image

Step.4
refresh /admin/infoclass.php
Javascript code is executed

image

Other vulnerable page steps are consistent with the above ,then not described one by one.
The background of the website application is not protected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant