Use mogu2021:mogu2021 to log in to the Mogu blog: http://demoweb.moguit.cn/
Choose User Center > User Avatar > Image.
At this point, use Burp Suite to capture the request packet.
Use the Repeater module in Burp Suite.
Try to change the file contents in the request packet to the XSS payload and try to change the file name to the HTML suffix.
You can see the successful upload and the file path in the response packet.
Open your browser to access the HTML file you just uploaded.
I'm really sorry that I only noticed this issue recently. There may still be a problem with the background interface for uploading avatars. The format uploaded by users is not strictly verified, and only the front end is used for processing.
I will fix this problem soon. Thank you again for your kind feedback.
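
Added example (not from the Mogu blog code base or from this thread): a minimal server-side check of the kind the reply above says is missing, sketched in Python. The function names, the size limit and the sample bytes are assumptions constructed for illustration.

```python
import secrets

# Allow-list: magic-byte prefix -> (extension, Content-Type) chosen by the server.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for an avatar

# Constructed sample inputs (not captured from the demo site).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML_SAMPLE = b"<!doctype html><p>hello</p>"


class RejectedUpload(ValueError):
    pass


def validate_avatar(client_filename: str, data: bytes) -> tuple[str, str]:
    """Return (stored_name, content_type) or raise RejectedUpload."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or oversized upload")
    for magic, (ext, ctype) in SIGNATURES.items():
        if data.startswith(magic):
            break
    else:
        raise RejectedUpload("content is not an allowed image type")
    # The client-supplied extension must agree with what the bytes are.
    claimed = client_filename.rsplit(".", 1)[-1].lower() if "." in client_filename else ""
    if claimed not in {ext, "jpeg" if ext == "jpg" else ext}:
        raise RejectedUpload(f"extension .{claimed} does not match {ctype}")
    # Never reuse the client's name: random name, server-chosen extension.
    return f"{secrets.token_hex(16)}.{ext}", ctype


def is_accepted(client_filename: str, data: bytes) -> bool:
    """Convenience wrapper: True if the upload passes validation."""
    try:
        validate_avatar(client_filename, data)
        return True
    except RejectedUpload:
        return False
```

Serving stored avatars with the returned Content-Type and `X-Content-Type-Options: nosniff` keeps a browser from reinterpreting the file as a different type.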