input admin@mail.com / Password@123 Log in to the background. At manage classes, click create class, enter xsspayload:<script>alert ("ace")</script>, and click save。
and then refresh the interface to pop up
createClass.php:
After clicking save, the className is substituted into the input for query. If it does not exist, the className will be reinserted into the database. Because the script is not escaped from html, the XSS vulnerability is caused
The text was updated successfully, but these errors were encountered:
Build environment: Aapche2.4.39; MySQL5.7.26; PHP7.3.4
input admin@mail.com / Password@123 Log in to the background. At manage classes, click create class, enter xsspayload:<script>alert ("ace")</script>, and click save。
and then refresh the interface to pop up
createClass.php:
After clicking save, the className is substituted into the input for query. If it does not exist, the className will be reinserted into the database. Because the script is not escaped from html, the XSS vulnerability is caused
The text was updated successfully, but these errors were encountered: