Yusei

Results 6 issues of Yusei

First access the file management page, then click new file to upload the file and select the HTML file format. http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php Payload: `alert(document.cookie)` When we input the file content as payload, we...

First of all, I did not enter the password to access the page and found it was blocked. http://192.168.187.2/cms/ But I can still access the file management page. http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php The normal logical...

http://192.168.18.130/cms/password/ I can change the admin's password when the admin clicks the CSRF HTML file. Payload: `history.pushState('', '', '/')` ![image](https://user-images.githubusercontent.com/27290132/64594597-e7690580-d3e2-11e9-85f8-821b4f4d107e.png)

http://192.168.2.129/simple/admin/?delpage=8 I can delete any page when I send the URL to the administrator. I can also use short domain names to encode the URL. ![1](https://user-images.githubusercontent.com/27290132/43815659-5acd69ea-9b03-11e8-800e-5978172b1cec.png)

http://192.168.2.129/simple/admin/ I can add a page when the admin clicks the HTML file. Payload: `history.pushState('', '', '/')` ![1](https://user-images.githubusercontent.com/27290132/43815412-29b88f8e-9b02-11e8-960c-5ec121aa28fc.png)

http://192.168.2.129/simple/admin/login.php This URL is used to log in as admin. But I can access addpage.php without logging in as admin, and I can also add a page. http://192.168.2.129/simple/admin/addpage.php ![1](https://user-images.githubusercontent.com/27290132/43815213-357a310c-9b01-11e8-8565-9054f4fb6e3d.png)