0%

Emlog Stored Cross-Site Scripting(XSS)-article function

发表于 2024-03-22 分类于网络安全
本文字数： 481 阅读时长 ≈ 1 分钟

Emlog Stored Cross-Site Scripting(XSS)

Description

The client lacks proper validation when storing user input, resulting in a stored xss vulnerability.

Vendor Homepage

1 2	https://www.emlog.net/ https://github.com/emlog/emlog

Proof of Concept

Register and log in as administrator.

Click “发新文章” on Personal Page.

Input payload：

1	![1](1"><script>alert('xss')</script><img src=")

Then click “立即发布” botton.

All users now will trigger the attack code and a pop-up window when they enter the homepage of the website.

本文作者： 岚曦
本文链接： https://hybbwuxidixi.github.io/2024/03/22/Emlog Stored Cross-Site Scripting(XSS) Article Function/
版权声明： 本博客所有文章除特别声明外，均采用 BY-NC-SA 许可协议。转载请注明出处！