This repository has been archived by the owner on Jan 10, 2019. It is now read-only.
Stored-XSS Vulnerability Found in System setting -> site setting-> POSTdata:site_logo #63
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1、Login the backstage
http://127.0.0.1/admin/index.php
2、Go to System setting->site setting
3、add the following payload to the third textbox,and submit。
payload:site_logo=images/logo.gif" onmouseover="alert(1)
And move your mouse on the third textbook ,then Stored-XSS triggered
The text was updated successfully, but these errors were encountered: