Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Storage XSS was found in three places #11

Open
Ch3ng-sky opened this issue Sep 5, 2019 · 0 comments
Open

Storage XSS was found in three places #11

Ch3ng-sky opened this issue Sep 5, 2019 · 0 comments

Comments

@Ch3ng-sky
Copy link

Three storage XSS were found in wtcms

POC:

javascript:alert(document.cookie)

1.Click on the background article management and fill in the XSS code at the source of the article

clipboard11

Find the published article in the front desk and click on the link to trigger XSS

clipboard12
clipboard13

POC:

javascript:alert(document.cookie)

2.Click on the background menu management, fill in the XSS code at the link, and finally click save

clipboard21

Find the location where the XSS code is inserted in the foreground and click to trigger the XSS attack

clipboard22
clipboard23

POC:

javascript:alert(document.cookie)

3.Click on the background links, fill in the XSS code at the link address, and finally click Save

clipboard31

Find the link address at the bottom of the front desk and click to trigger XSS

clipboard32
clipboard33

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant