There is an XSS vulnerability below!
The reason for the vulnerability is that there is no filter on user input. According to the CMS guidelines, we can create a user, and we control the user's account number, password, email and so on.
Exploitation
There are many ways to trigger the vulnerability! One is that we can make a comment and wait for other users to click the user we created. Another gets the admin's secret once the admin logs in.
OK! We will create a user first.
After pressing the submit button, we get an alert, shown below.
We can create a normal user account this way, and then we can update the information.
After we update the user's information, we wait!
When the admin user logs in, we can get their secret!
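The missing control described above (user-supplied profile fields stored and rendered without filtering), shown as an added example that is not part of the original report or the CMS's own code. The function names, the account-name policy and the sample record are assumptions made for illustration.

```javascript
// Added example: hypothetical rendering code, not taken from the CMS in the report.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check: allow-list for account names (assumed policy: 3-32 safe characters).
function isValidAccount(account) {
  return typeof account === "string" && /^[A-Za-z0-9_.-]{3,32}$/.test(account);
}

// Deliberately vulnerable: stored fields are concatenated into markup as-is,
// so whatever was saved in the profile is parsed as HTML by every later viewer.
function renderUserRowUnsafe(user) {
  return `<tr><td>${user.account}</td><td><a href="mailto:${user.email}">${user.email}</a></td></tr>`;
}

// Hardened: every stored field is encoded at output time, even if an input
// check exists, because older records may predate the check.
function renderUserRowSafe(user) {
  const account = escapeHtml(user.account);
  const email = escapeHtml(user.email);
  return `<tr><td>${account}</td><td><a href="mailto:${email}">${email}</a></td></tr>`;
}

// Constructed sample record standing in for a profile saved without filtering.
const sampleUser = { account: "<script>alert(1)</script>", email: 'x"y@example.com' };

console.log("input check accepts account:", isValidAccount(sampleUser.account));
console.log("unsafe:", renderUserRowUnsafe(sampleUser));
console.log("safe:  ", renderUserRowSafe(sampleUser));
```

Encoding at output is the primary fix; the allow-list on input only narrows what can be stored in the first place.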