Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[XSS!!]When modifying a written blog, you can modify the name of the uploaded picture to cause a stored XSS vulnerability #885

Open
aq-xiaobai opened this issue Sep 19, 2021 · 0 comments
Open

[XSS!!]When modifying a written blog, you can modify the name of the uploaded picture to cause a stored XSS vulnerability #885

aq-xiaobai opened this issue Sep 19, 2021 · 0 comments

Comments

@aq-xiaobai
Copy link

aq-xiaobai commented Sep 19, 2021
edited
Loading

Affected pages: xxxxx/blog/

Execute malicious javascript code by modifying the name of the uploaded image to close the html tag or adding the onerror attribute.
yes:
2
no:
5

detailed steps:
After publishing a blog with uploaded pictures, click "Edit Blog Entry" to enter the modification page, open Burp Suit and then directly click "save", modify the content of image[file] in the request packet in Burp Suit as the attack code
payload:"onerror="alert(/xss/)
3
Any member browses the blog page:
4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aq-xiaobai