
ForestBlog Existing Xss

Open QDming opened this issue 10 months ago • 0 comments

Vulnerability Product: ForestBlog

Vulnerability version: all

Vulnerability type: Stored XSS

Vulnerability Details:

The stored XSS payload could cause the admin to disclose cookies, the root path of websites, variables of PHP and stuff.

  1. Login link: http://forestblog.liuyanzhao.com/login. I registered my own account here. Account: linkk, Password: linkk

  2. When writing the article title or content, enter Click to publish

  3. Click on the homepage to view this article

Discovered that XSS was triggered.

QDming avatar Mar 29 '24 08:03 QDming
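
The report above describes article titles and content being stored and later rendered on the homepage without encoding. As an added example (not part of the issue and not ForestBlog's own code), the sketch below shows that rendering pattern beside two output-side mitigations: HTML-encoding for the plain-text title and an allow-list sanitizer for the rich-text content. All function names, the `ARTICLE` record and the tag allow-list are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample of a stored article; not data from the ForestBlog site.
ARTICLE = {
    "title": "<script>alert(1)</script>Hello",
    "content": '<p onclick="alert(1)">Body <b>text</b></p><script>alert(2)</script>',
}
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li"}  # assumed policy

def render_title_unsafe(article):
    """Vulnerable pattern: the stored value is concatenated into markup as-is."""
    return "<h2>" + article["title"] + "</h2>"

def render_title_safe(article):
    """Titles are plain text, so encode every HTML metacharacter on output."""
    return "<h2>" + html.escape(article["title"], quote=True) + "</h2>"

class _AllowListSanitizer(HTMLParser):
    """Keeps allow-listed tags without attributes, drops script/style bodies."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"<{tag}>")  # attributes (onclick, style, ...) dropped

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))  # text nodes are re-encoded

def sanitize_content(raw):
    """Return article HTML reduced to the allow-list; unknown tags are removed."""
    parser = _AllowListSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)
```

Encoding at render time protects articles already stored in the database, which input-side filtering alone does not.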