XSS vulnerability exists in member submission function #42

Closed
mntn0x opened this issue Mar 4, 2020 · 1 comment

@mntn0x mntn0x commented Mar 4, 2020

In the member submission function, the following payload causes XSS:
<img+src%3d1+onpointerout%3dalert(1)>
Add the payload directly to the content of the request and wait for the submission to be approved. The XSS is triggered when the mouse moves over the image and then moves out.

I submitted an article on the official demo site, id=104; please confirm.

Owner

@yzmcms yzmcms commented Mar 4, 2020

Thanks for pointing this out; this issue will be fixed in the next version.

@mntn0x mntn0x closed this Mar 5, 2020