This repository has been archived by the owner on Jan 10, 2019. It is now read-only.
Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_name #61
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1、Login the backstage
http://127.0.0.1/admin/index.php
2、Go to System setting->site setting
3、add the following payload to the first textbox,and submit。
payload:site_name=DiliCMS'"/></script><script>alert(1)</script>
And then Stored-XSS triggered
The text was updated successfully, but these errors were encountered: