Se7en呦

[#[-网҈络҈安҈全҈--渗҈透҈测҈试҈--代҈码҈审҈计҈--黑҈客҈编҈程-]#]

My Links

Blog Stats

An issue was discovered in Hsycms V1.1 . There is an XSS vulnerability via /book page

1. The attacker opens http://127.0.0.1/book/, and enters the following at the name.
"><img src=1 onerror=alert(location.href)> 

  

 

2.The vulnerability is triggered when administrators view messages.

 

 

 

posted on 2019-02-17 00:24 Se7en呦 阅读(...) 评论(...)  编辑 收藏