jinny

Results 7 issues of jinny

Version:3.4.0 Payload: app.alert('xss'); Insert xss malicious code in pdf with pdf editor ![xss4](https://user-images.githubusercontent.com/30540295/69219648-3b942100-0bae-11ea-8ad9-ccda8b374ff9.png) Access the file upload function of GetSimpleCMS, upload a malicious pdf, and get the uploaded file path...

SECURITY
discussion

Version:3.4.0a Payload: '"> At Snippets, click on ADD SNIPPEN and edit Snippets to XSS. ![3](https://user-images.githubusercontent.com/30540295/69216516-5dd67080-0ba7-11ea-8a67-a65a4646145c.png) Click Save Snippets to save, then refresh to trigger the XSS ![4](https://user-images.githubusercontent.com/30540295/69216648-aee66480-0ba7-11ea-9ffa-1072efab2162.png)

SECURITY
DEV

Version 1.5.x-dev CSRF vulnerability in employee management Before CSRF ![csrf1](https://user-images.githubusercontent.com/30540295/69528253-db83ed00-0fa8-11ea-80da-1c8438b943f6.png) Click 'Add' and edit employee information ![csrf2](https://user-images.githubusercontent.com/30540295/69528376-0e2de580-0fa9-11ea-8253-1f29175b5e0d.png) Grab the packet and construct the payload of CSRF, and save it as...

![image](https://user-images.githubusercontent.com/30540295/220228333-0b36b845-cdeb-43ff-9ba0-d5e3e7a1c88b.png) No error is reported, but the image just won't send

Unable to send images

![image](https://user-images.githubusercontent.com/30540295/220798265-3040a8aa-fc80-4888-b248-fa4494cb6608.png) Printing the error just shows upload failed ![image](https://user-images.githubusercontent.com/30540295/220798351-83ccba02-bfc3-44b0-b647-913eb9d82a5e.png)

Confirms: [None, None, None, None] Confirms: [None, None, None, None] Confirms: [None, None, None, None] Confirms: [None, None, None, None] Transaction did not land help!!!