Venan24 / SCMS

Sales & Company Management System

smcs 2.x csrf+storage xss #2

Closed ParadiseCong closed 5 years ago

ParadiseCong commented 5 years ago

An issue was discovered in Sales & Company Management System (SCMS) through 2018-12-05. There is a discrepancy in email checking between a component that does email code validation, and a component that is the source client validation. Thus, it is possible to update a database query and due to storage xss.

This vulnerability occurred via member_email.php.

1. Enter an arbitrary email address and click the button, wait a moment, and you can receive the validation code.
2. Now enter the code and update the email payload like this, then click the button.
3. Capture the package via Burp Suite and generate the CSRF PoC.
4. Click the img tag.
5.

attritionorg commented 5 years ago

@ParadiseCong like the other issues you filed, please verify which S-CMS you are testing. I suspect this is Zibo's S-CMS Enterprise Website System.

Venan24 commented 5 years ago

This is not the right repository. This repo does not have those issues or the files you are referring to.