| 标题 | Online Computer and Laptop Store have Stored xss |
|---|
| 描述 | The manager can use xss in the place where the product name is set in the background
Use the default account password "admin/admin&123" to log in url 'http://localhost:3456/php-ocls/admin/?page=product/manage_product&id=2'
Set the product name as follows
https://camo.githubusercontent.com/bb3885d06bcbf07a61544d2c394bdb4ff8ba986619429c2988acb536bb7085f0/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313930393131342e706e67
then click save
https://camo.githubusercontent.com/ae142b98e6129c7f69295676d1ec19eb90c15dc9c12db6c29e18e45adf5ded30/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313931303636332e706e67
Visiting the homepage will trigger xss
https://camo.githubusercontent.com/e63a04beb24984bcf8aa9134932db1bba3b43320ee351c35f7da309ac27f835a/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313931313433362e706e67
https://camo.githubusercontent.com/ac847537d1876eb83998e50118d346bb46b25dce284c3a8894d9f8a63ac02fa4/68747470733a2f2f74797065726f2d313331323536333937382e636f732e61702d7368616e676861692e6d7971636c6f75642e636f6d2f74797065726f2f3230323330343034313932363530382e706e67
github: https://github.com/v2ish1yan/mycve/blob/main/ocls.md |
|---|
| 来源 | ⚠️ https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html |
|---|
| 用户 | v2ish1yan (UID 44333) |
|---|
| 提交 | 2023-04-04 13時36分 (3 年前) |
|---|
| 管理 | 2023-04-05 07時58分 (18 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 224996 [SourceCodester Online Computer and Laptop Store 1.0 manage_product&id=2 Product Name 跨网站脚本] |
|---|
| 积分 | 20 |
|---|