Closed ParadiseCong closed 5 years ago
@ParadiseCong like the other issues you filed, please verify which S-CMS you are testing. I suspect this is Zibo's S-CMS Enterprise Website System.
This is not the right repository. This repo does not have those issues or the files you are referring to.
An issue was discovered in Sales & Company Management System (SCMS) through 2018-12-05. There is a discrepancy in email checking between a component that does email code validation, and a component that is the source client validation. Thus, it is possible to update a database query, leading to stored XSS.
This vulnerability occurred via member_email.php. Enter an arbitrary email address and click the button; wait a moment and you can receive the validation code. Now enter the code and update the email payload like this, then click the button. Capture the packet via Burp Suite and generate the CSRF PoC. Click the img tag.