DiliCMS
DiligentCMS
1. Log in to the backstage at http://127.0.0.1/admin/index.php
2. Go to System setting -> Site setting.
3. Add the following payload to the third textbox and submit.
   Payload: site_logo=images/logo.gif" onmouseover="alert(1)
   Then move your mouse over the third textbox...

1. Log in to the backstage at http://127.0.0.1/admin/index.php
2. Go to System setting -> Site setting.
3. Add the following payload to the second textbox and submit.
   Payload: site_domain=http://www.dilicms.com/" onmouseover="alert(1)
   Then move your mouse over the second textbox...

1. Log in to the backstage at http://127.0.0.1/admin/index.php
2. Go to System setting -> Site setting.
3. Add the following payload to the first textbox and submit.
   Payload: site_name=DiliCMS'"/>alert(1)
   The stored XSS is then triggered.
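All three reports above depend on the same thing: the stored setting is echoed back into an HTML attribute of the settings form without escaping, so a double quote in the value ends the attribute and whatever follows becomes a new attribute or a new tag. The PHP below is an added example, not DiliCMS's own code. It assumes the settings page re-displays the stored values in `<input value="...">` fields (the field names and markup are illustrative) and shows each of the three payloads breaking out of the attribute when rendered raw, and staying inert once the value is escaped with htmlspecialchars(ENT_QUOTES).

```php
<?php
// Added example, not DiliCMS code. Assumes the settings page re-displays the
// stored site_name / site_domain / site_logo values inside <input value="...">
// fields; the markup and field names here are illustrative.

// Constructed sample input: the three stored values from the reports above.
$settings = [
    'site_name'   => 'DiliCMS\'"/>alert(1)',
    'site_domain' => 'http://www.dilicms.com/" onmouseover="alert(1)',
    'site_logo'   => 'images/logo.gif" onmouseover="alert(1)',
];

// Vulnerable rendering: the stored value is concatenated straight into the
// attribute, so a double quote in it ends the attribute early.
function render_vulnerable(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened rendering: ENT_QUOTES escapes both " and ', so the value can never
// terminate the attribute or start a new one. CodeIgniter's html_escape()
// helper wraps the same call.
function render_safe(string $name, string $value): string
{
    return '<input type="text"'
        . ' name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '"'
        . ' value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Parse the markup the way a browser would and check that exactly one <input>
// came out, that it carries only the three intended attributes, and that its
// value attribute decodes back to the stored string.
function value_round_trips(string $html, string $expected): bool
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $inputs = $doc->getElementsByTagName('input');
    if ($inputs->length !== 1) {
        return false;
    }
    $input = $inputs->item(0);
    return $input->attributes->length === 3
        && $input->getAttribute('value') === $expected;
}

foreach ($settings as $name => $value) {
    $rendered = [
        'vulnerable' => render_vulnerable($name, $value),
        'safe'       => render_safe($name, $value),
    ];
    foreach ($rendered as $label => $html) {
        printf("%-11s %-10s %s\n    %s\n", $name, $label,
            value_round_trips($html, $value) ? 'attribute intact' : 'ATTRIBUTE BROKEN OUT',
            $html);
    }
}
```

The DOM round-trip check is the useful part for a practitioner: it does not look for `alert` or `onmouseover`, it asks whether the value survived as a single attribute, so it flags the site_name payload (which closes the tag rather than adding a handler) just as it flags the two event-handler payloads. The payload in the third report is quoted as the page shows it; whatever followed `/>` in the original submission is not on this page, and the check does not depend on it.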
Software Link: https://github.com/chekun/DiliCMS
After the administrator has logged in, open the page test.html.
delete user POC:
```
```
test2.html
delete group POC:
```
```
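The PoC pages themselves are not on this page, but the report describes a classic CSRF: a page on another origin triggers the delete-user and delete-group actions while the administrator's session cookie is still valid. The PHP below is an added example, not DiliCMS code. It assumes a delete handler that takes the target `id` from the request (the request shape is hypothetical) and shows the unprotected handler beside one that requires POST plus a per-session token that a cross-origin page cannot read. CodeIgniter ships the same protection as the `csrf_protection` config option.

```php
<?php
// Added example, not DiliCMS code. The handler signatures and the request
// array shape are assumptions made for illustration.

session_start();

// Issue one random token per session and embed it in every state-changing
// form; a page on another origin has no way to read it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Vulnerable handler: any request that carries the admin's session cookie is
// trusted, so test.html on another origin can fire it with an <img> or a form.
function delete_user_vulnerable(array $request): string
{
    return 'deleted user ' . (int) $request['id'];
}

// Hardened handler: state changes must be POST and must carry the session token.
// hash_equals() keeps the comparison constant-time.
function delete_user_protected(string $method, array $request): string
{
    if ($method !== 'POST') {
        return 'refused: state change must be POST';
    }
    if (!isset($request['csrf_token'])
        || !hash_equals(csrf_token(), (string) $request['csrf_token'])) {
        return 'refused: bad or missing CSRF token';
    }
    return 'deleted user ' . (int) $request['id'];
}

// Constructed requests: a forged one that only has the session cookie behind
// it, and a legitimate one submitted from the admin's own form.
$forged = ['id' => 7];
$legit  = ['id' => 7, 'csrf_token' => csrf_token()];

echo delete_user_vulnerable($forged), "\n";        // forged request, no token
echo delete_user_protected('GET', $forged), "\n";  // forged via a GET (img/link)
echo delete_user_protected('POST', $forged), "\n"; // forged via an auto-submitted form
echo delete_user_protected('POST', $legit), "\n";  // admin's own form submission
```

Requiring POST alone is not enough, since an auto-submitting form on test.html can POST just as easily as it can GET; the token is what the attacker's page lacks. A `SameSite=Lax` session cookie is a worthwhile second layer but does not replace the token.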
# Steps to Reproduce
**1. The backstage address:** http://127.0.0.1/DiliCMS-develop-3.x/admin/index.php
**2. Log in and use Burp Suite to intercept the packets; we can then see that the user credentials are transmitted over an unencrypted channel.**
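What Burp shows here is a deployment property rather than a bug in a specific line of DiliCMS: the admin login is served over plain HTTP, so the POSTed credentials and the session cookie cross the wire in the clear. The PHP below is an added example, not DiliCMS code, of what the admin entry point should do before it accepts a login: refuse non-TLS requests with a redirect, set HSTS, and mark the session cookie Secure. It assumes the usual `HTTPS` / `X-Forwarded-Proto` server variables; the constructed request arrays at the bottom stand in for real requests.

```php
<?php
// Added example, not DiliCMS code. The server-variable names are the common
// ones set by PHP SAPIs and reverse proxies; nothing here is DiliCMS-specific.

// Decide whether the request arrived over TLS. X-Forwarded-Proto must only be
// honoured when the request really came from your own TLS terminator, since a
// client can send that header itself.
function is_https(array $server, bool $behind_trusted_proxy = false): bool
{
    if (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') {
        return true;
    }
    if (($server['SERVER_PORT'] ?? null) == 443) {
        return true;
    }
    return $behind_trusted_proxy
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

// Return the https:// URL to redirect to, or null if the request is already secure.
function https_redirect_target(array $server, bool $behind_trusted_proxy = false): ?string
{
    if (is_https($server, $behind_trusted_proxy)) {
        return null;
    }
    return 'https://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

// Call this before rendering or processing the login form.
function enforce_https(bool $behind_trusted_proxy = false): void
{
    $target = https_redirect_target($_SERVER, $behind_trusted_proxy);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    // Pin future visits to HTTPS and keep the session cookie off plain HTTP.
    header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
    session_set_cookie_params([
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed request environments for a quick check from the CLI.
$plain = [
    'HTTP_HOST'   => '127.0.0.1',
    'REQUEST_URI' => '/DiliCMS-develop-3.x/admin/index.php',
    'SERVER_PORT' => 80,
];
$tls     = $plain + ['HTTPS' => 'on'];
$proxied = $plain + ['HTTP_X_FORWARDED_PROTO' => 'https'];

var_dump(https_redirect_target($plain));          // plain HTTP: needs redirect
var_dump(https_redirect_target($tls));            // direct TLS
var_dump(https_redirect_target($proxied));        // header not trusted by default
var_dump(https_redirect_target($proxied, true));  // header trusted behind a known proxy
```

The redirect only protects the first request after the user types the URL; the credentials already sent in that request are still exposed if the user submitted the form over HTTP. HSTS closes that window for returning browsers, which is why the header is set alongside the redirect rather than instead of it.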
- [ ] Use Composer
- [ ] Upgrade CodeIgniter to 3.x
- [ ] Optimize the directory structure
- [ ] Integrate Laravel Elixir
- [ ] Use CI's built-in cache module
private function watch(), line 105: in_array($plugin['name'], $this->app->acl->rights['plugins']). I feel this should be changed to in_array($key, $this->app->acl->rights['plugins']).
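The comment above points at an identifier mismatch in an access-control check: the loop iterates plugins keyed by their plugin key, but tests the plugin's display name against a rights list. The PHP below is an added example, not the project's `watch()` method, which is not on this page. It assumes a plugin array keyed by plugin key with a `name` field, and an ACL whose `plugins` rights hold plugin keys (both assumptions are made for illustration), and runs the quoted check beside the proposed one to show that comparing the name can both deny a granted plugin and admit an ungranted one.

```php
<?php
// Added example, not DiliCMS code. The shapes of $plugins and $rights are
// assumptions about the data the quoted line 105 operates on.

// Constructed data: two plugins, and a role granted only the 'guestbook' key.
// The second plugin's display name collides with the first plugin's key,
// which a plugin author can arrange freely.
$plugins = [
    'guestbook' => ['name' => 'Guestbook', 'watch' => 'guestbook/watch'],
    'backup'    => ['name' => 'guestbook', 'watch' => 'backup/watch'],
];
$rights = ['plugins' => ['guestbook']];

// The check as quoted: tests the display name against the granted keys.
function watched_by_name(array $plugins, array $rights): array
{
    $allowed = [];
    foreach ($plugins as $key => $plugin) {
        if (in_array($plugin['name'], $rights['plugins'])) {
            $allowed[] = $key;
        }
    }
    return $allowed;
}

// The proposed check: tests the key the rights were granted against. The
// third argument (strict) is an addition beyond the comment, so that a
// numeric-looking key cannot loosely match a different entry.
function watched_by_key(array $plugins, array $rights): array
{
    $allowed = [];
    foreach ($plugins as $key => $plugin) {
        if (in_array($key, $rights['plugins'], true)) {
            $allowed[] = $key;
        }
    }
    return $allowed;
}

echo "by name: ", implode(', ', watched_by_name($plugins, $rights)) ?: '(none)', "\n";
echo "by key:  ", implode(', ', watched_by_key($plugins, $rights)) ?: '(none)', "\n";
```

With the constructed data, the name-based check lets the `backup` plugin through on the strength of its display name while excluding the `guestbook` plugin the role was actually granted; the key-based check matches the identifier the ACL stores. Whether the real `rights['plugins']` list stores keys or names is the thing to confirm in the ACL code before applying the change.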