Sky's自留地

Focused on internet security, security and attack techniques.

Jeesns front-end stored XSS to get the admin cookie


Current version: 1.2.1

Steps

1. Register a user

Register via the registration button on the home page, go to the http://domain.com/article/list page,

and select "post article".

2. Post a new article

Then enter the following payload in the title, description and content [source] fields to test:

test<img src=x onerror=alert(document.cookie)>

3. Administrator reviews the article

Articles from new users must be reviewed before they are published. When an administrator logs in to the back end and reviews the new article, the vulnerability can be triggered. After the article is approved, the vulnerability continues to affect users on the front end.
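
A defensive sketch for the behaviour in step 3, added here and not taken from Jeesns: it encodes the title on output so the test payload renders as text, and audits stored articles for active markup before a reviewer opens them. The record shape, the function names and the sample rows are assumptions; only the field names and the payload come from the steps above.

```javascript
// Added example, not Jeesns code. The article record shape is assumed;
// title, description and content are the fields named in step 2.

// Encode the characters that let text break out of HTML element or
// quoted-attribute context. Apply when rendering title and description.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Patterns for markup that can run script when the review page is opened.
const ACTIVE_MARKUP = [
  { name: 'event-handler attribute', re: /<[a-z][^>]*\son[a-z]+\s*=/i },
  { name: 'script element', re: /<\s*script\b/i },
  { name: 'javascript: URL', re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
];

// Return { field, reason } findings for one stored article row.
function auditArticle(article) {
  const findings = [];
  for (const field of ['title', 'description', 'content']) {
    const text = String(article[field] ?? '');
    for (const { name, re } of ACTIVE_MARKUP) {
      if (re.test(text)) findings.push({ field, reason: name });
    }
  }
  return findings;
}

// Constructed sample rows: one carries the payload from step 2, one is benign.
const pending = [
  { id: 1, title: 'test<img src=x onerror=alert(document.cookie)>', description: 'd', content: '<p>hello</p>' },
  { id: 2, title: 'Release notes', description: 'a < b & c', content: '<p>plain</p>' },
];

// Per-row audit result plus the title as it should be emitted into HTML.
function report(rows) {
  return rows.map((row) => ({
    id: row.id,
    findings: auditArticle(row),
    safeTitle: escapeHtml(row.title),
  }));
}

console.log(JSON.stringify(report(pending), null, 2));
```

The audit is a triage aid for rows already in the database, not a sanitizer; the fix is the output encoding, with an allow-list HTML sanitizer for the rich-text content field.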
