There is a stored XSS vulnerability in the blog post feature of jfinal_cms. An attacker can register an account, insert malicious XSS code in a blog post, and the XSS is then triggered when the administrator or other users view the post.
First, register a user named test, publish a blog post, and insert the malicious XSS code in the title of the post:
Payload:
test<img src=x oneerror=alert(document.cookie);>
The XSS code is triggered successfully when the blog post is viewed.
Because the blog is visible to any user, XSS code can be triggered when any other user views the blog. Here is an example of viewing the blog as an administrator:
XSS code triggered successfully:
Suggestion: strictly filter the input and encode the output.
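A sketch of that suggestion applied to the title field, as an added example that is not jfinal_cms code: the class and method names are hypothetical and the 100-character limit is an assumption. Encoding at render time also neutralizes titles that were stored before any input filter existed.

```java
public final class BlogTitleEncoding {
    private static final int MAX_TITLE_LENGTH = 100; // assumed limit, not from the project

    // Input side: a title is plain text, so drop control characters and bound its length.
    static String normalizeTitle(String raw) {
        if (raw == null) throw new IllegalArgumentException("title is required");
        StringBuilder sb = new StringBuilder();
        raw.codePoints()
           .filter(cp -> !Character.isISOControl(cp))
           .forEach(sb::appendCodePoint);
        String title = sb.toString().trim();
        if (title.isEmpty() || title.length() > MAX_TITLE_LENGTH)
            throw new IllegalArgumentException("title length out of range");
        return title;
    }

    // Output side: encode the characters that are significant in HTML text and
    // quoted attribute values, so stored markup is displayed instead of parsed.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // The title string from the report above, used as sample input.
        String stored = normalizeTitle("test<img src=x oneerror=alert(document.cookie);>");
        // The rendered heading contains only text; no <img> element reaches the DOM.
        System.out.println("<h1>" + escapeHtml(stored) + "</h1>");
    }
}
```

The same encoding has to be applied at every place the title is rendered (post page, listings, admin views), since the report shows the stored value reaching both regular users and the administrator.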