Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata：site_name

Question

Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata：site_name

fakerrr opened this issue 6 years ago · 0 comments

1、Login the backstage
http://127.0.0.1/admin/index.php

2、Go to System setting->site setting

3、add the following payload to the first textbox，and submit。
payload：site_name=DiliCMS'"/></script><script>alert(1)</script>

And then Stored-XSS triggered