DiliCMS icon indicating copy to clipboard operation
DiliCMS copied to clipboard
verified publisher icon chekun

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_logo

Open fakerrr opened this issue 7 years ago • 0 comments

1、Login the backstage http://127.0.0.1/admin/index.php

2、Go to System setting->site setting image

3、add the following payload to the third textbox,and submit。 payload:site_logo=images/logo.gif" onmouseover="alert(1) image And move your mouse on the third textbook ,then Stored-XSS triggered

fakerrr avatar Jan 10 '19 03:01 fakerrr