This is a stored XSS which allows an attacker to insert JavaScript code into the database. When an admin sees the message, the attacker is able to steal the admin's cookie.
Filename /coreframe/app/guestbook/myissue.php
Code
Exploit
When we post data without parameter `title`, there will be 80 chars we can use to write payload.
POC
Result