s3131212 / allendisk

http://ad.allenchou.cc
MIT License
39 stars 8 forks

XSS Vulnerability in /readfile.php #21

Open ghost opened 7 years ago

ghost commented 7 years ago

How to reproduce:

  1. Upload poc.html to your disk. poc.html: `<script>alert(1)</script>`
  2. Make poc.html public.
  3. Get the link to poc.html, e.g. http://localhost/readfile.php/poc.html?id=1966eed0e8227328b9007838f43185ff694578ad&password=7dced87b7273eb62c3832e0cc07eb857e93f083b
  4. XSS would be triggered once a user visits the link above.
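
One way to serve user-uploaded files so the browser does not render them as HTML in the application's origin. This is an added example, not code from allendisk or from the report; the function names and the inline allowlist are assumptions.

```php
<?php
// Added example, not allendisk code. Function names and the allowlist are hypothetical.

// Types considered safe to display inline; everything else is sent as a download.
const INLINE_SAFE_TYPES = ['image/png', 'image/jpeg', 'image/gif', 'text/plain'];

/**
 * Build response headers for a user-uploaded file.
 * $detectedType must come from server-side inspection (e.g. finfo),
 * never from the uploaded file name or a client-supplied Content-Type.
 */
function upload_response_headers(string $displayName, string $detectedType): array
{
    $inline = in_array($detectedType, INLINE_SAFE_TYPES, true);
    // Replace characters that could break out of the quoted header value.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($displayName));

    return [
        'Content-Type'            => $inline ? $detectedType : 'application/octet-stream',
        'Content-Disposition'     => ($inline ? 'inline' : 'attachment') . '; filename="' . $safeName . '"',
        // Stop the browser from sniffing the body and treating it as HTML.
        'X-Content-Type-Options'  => 'nosniff',
        // If the response is rendered anyway, scripts are blocked and the origin is opaque.
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
}

function send_upload(string $path, string $displayName): void
{
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path) ?: 'application/octet-stream';
    foreach (upload_response_headers($displayName, $type) as $name => $value) {
        header($name . ': ' . $value);
    }
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed sample: a file named poc.html whose detected type is text/html.
// text/html is not on the allowlist, so the headers force a download.
if (PHP_SAPI === 'cli') {
    print_r(upload_response_headers('poc.html', 'text/html'));
}
```

Serving uploads from a separate origin that holds no session cookies limits the impact further if a file is ever rendered.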