Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS #18

Closed
chan115117 opened this issue Nov 11, 2021 · 1 comment
Closed

XSS #18

chan115117 opened this issue Nov 11, 2021 · 1 comment

Comments

@chan115117
Copy link

进入后台,点击基础-->友链管理-->添加,在名称处link_name[]插入payload:test”><img/src=1 onerror=alert(1)>
图片
点击保存,成功触发XSS,此外,该处也存在CSRF漏洞,可以结合CSRF漏洞进行利用
图片

@maccmspro
Copy link
Owner

感谢,已统一修复

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants