Skip to content
This repository has been archived by the owner on Jan 10, 2019. It is now read-only.

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_logo #63

Open
fakerrr opened this issue Jan 10, 2019 · 0 comments

Comments

@fakerrr
Copy link

fakerrr commented Jan 10, 2019

1、Login the backstage
http://127.0.0.1/admin/index.php

2、Go to System setting->site setting
image

3、add the following payload to the third textbox,and submit。
payload:site_logo=images/logo.gif" onmouseover="alert(1)
image
And move your mouse on the third textbook ,then Stored-XSS triggered

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant