0%

Emlog Stored Cross-Site Scripting(XSS)

发表于 2024-03-22 分类于网络安全
本文字数： 491 阅读时长 ≈ 1 分钟

Emlog Stored Cross-Site Scripting(XSS)

Description

The client lacks proper validation when storing user input, resulting in a stored xss vulnerability.

Vendor Homepage

1 2	https://www.emlog.net/ https://github.com/emlog/emlog

Proof of Concept

Install emlog and log in as administrator.

In the left navigation bar, enter the “微语” function and enter the payload:

1	<script>alert(document.cookie)</script>

Then click “发布” botton.

Add “微语” at “外观”-“边栏”.

All users now will trigger the attack code and a pop-up window when they enter the homepage of the website.

本文作者： 岚曦
本文链接： https://hybbwuxidixi.github.io/2024/03/22/Emlog Stored Cross-Site Scripting(XSS)/
版权声明： 本博客所有文章除特别声明外，均采用 BY-NC-SA 许可协议。转载请注明出处！