This XSS vulnerability was found in the system bulletin (系统公告) in the background.
payload:
First we can write the payload with a low-privileged user named 'test'. As an attacker, you can change a title to prompt an administrator to click on this page.
Then log in to the admin account and click the change (修改) button to pop up the admin's cookie.
The reason for the vulnerability is that the PHP code uses blacklists to filter JS code, resulting in poor filtering.
This method can be used to steal the admin's cookie.
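The root cause named above is a blacklist filter on a user-supplied title. The following is an added illustration, not code from this issue or from the affected project: it contrasts a blacklist filter of the kind the report describes with context-aware output encoding, the fix that removes the class of bug. The function names, the token list and the sample title are constructed for this example.

```php
<?php
// Added example (not the project's code): a blacklist filter versus output
// encoding for a user-controlled bulletin title rendered into HTML.
// Function names, the denied-token list and the sample title are constructed.

// Blacklist approach in the spirit of the report: strip a few known tokens.
// Anything not on the list passes through untouched, and even a hit leaves
// the surrounding fragments behind.
function filter_title_blacklist(string $title): string
{
    $denied = ['<script', '</script>', 'javascript:', 'onerror', 'onload'];
    return str_ireplace($denied, '', $title);
}

// Fix: do not try to recognise "bad" input. Encode the title for the HTML
// context it is rendered in, so no character can open a tag or attribute.
function render_title_safe(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Simple check a reviewer can apply to rendered output: does it still
// contain any raw markup-significant character?
function contains_raw_markup(string $html): bool
{
    return preg_match('/[<>"\']/', $html) === 1;
}

// Constructed sample title of the kind the report describes (the pop-up of
// the current user's cookie is what the report itself mentions).
$title = "Notice <script>alert(document.cookie)</script>";

$blacklisted = filter_title_blacklist($title);
$encoded     = render_title_safe($title);

// Blacklist: "Notice >alert(document.cookie)" - still contains raw markup.
echo "blacklist : {$blacklisted}\n";
echo "  raw markup left? " . (contains_raw_markup($blacklisted) ? 'yes' : 'no') . "\n";

// Encoding: "Notice &lt;script&gt;alert(document.cookie)&lt;/script&gt;"
// The browser displays the text literally and executes nothing.
echo "encoded   : {$encoded}\n";
echo "  raw markup left? " . (contains_raw_markup($encoded) ? 'yes' : 'no') . "\n";
```

Run with `php example.php`. The point of the contrast is that the blacklist can only neutralise input it has anticipated, whereas `htmlspecialchars` with `ENT_QUOTES` makes no assumption about the input at all: every `<`, `>`, `"`, `'` and `&` is turned into an entity before the title reaches the page. Applying the encoding at render time (in the template, for every untrusted field, not just the title) is the fix; as a second layer, marking the admin session cookie `HttpOnly` keeps it out of reach of script even if a stored XSS slips through.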