DiliCMS icon indicating copy to clipboard operation
DiliCMS copied to clipboard
verified publisher icon chekun

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_domain

Open fakerrr opened this issue 7 years ago • 0 comments

1、Login the backstage http://127.0.0.1/admin/index.php

2、Go to System setting->site setting image

3、add the following payload to the second textbox,and submit。 payload:site_domain=http://www.dilicms.com/" onmouseover="alert(1) image And move your mouse on the second textbook ,then Stored-XSS triggered

fakerrr avatar Jan 10 '19 03:01 fakerrr