Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When the administrator logged in, open the following link.
http://127.0.0.1/maccms10/admin.php/admin/link/index.html?wd=%22%3e<svg/onload=alert(document.cookie)>
Can take over the administrator because the value of the cookie is obtained
The text was updated successfully, but these errors were encountered:
进行了过滤,不过这个影响不大,在已经拥有后台权限的情况下这个没多少意思。
Sorry, something went wrong.
攻击者最开始没有后台权限,让后台管理员在登陆的情况下访问这个链接,那么就可以获取到后台管理员的cookie,也就可以获取到后台的权限。
这相当于一个从无权限到有权限的过程。
了解稍后发更新
No branches or pull requests
When the administrator logged in, open the following link.
Can take over the administrator because the value of the cookie is obtained
The text was updated successfully, but these errors were encountered: