Found xss vulnerability and Information Disclosure Vulnerability in post-edit.php
onEpAth936 opened this issue · 0 comments
onEpAth936 commented
environment:
- php.7.3.4
- win10
First,you need to Login the backstage here: /mc-admin/
Second,use payload: /mc-admin/post-edit.php?id=%3Cscript%3Ealert%285%29%3C/script%3E
you will see Pop-ups,then click here :
you will see Web Directory leak out like this:
