| Title | DolphinPHP<=1.5.0 Authenticated Stored Cross-Site Scripting (XSS) |
|---|
| Description | Description
The system client doesn't properly sanitise a POST parameter, which results in a Stored Cross-Site Scripting (XSS).
Vendor Homepage
https://dolphinphp.com/
https://github.com/caiweiming/DolphinPHP
Author
[email protected] inc
Proof of Concept
1. After the system installation is completed, log in to the admin backend.
2. Insert the following script code into the nickname field in the personal settings:
<script>alert(1);</script>超级管理员
3. Click "user" -> "permission management" -> "user management" to execute the code. |
|---|
| Source | ⚠️ https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md |
|---|
| User | webray.com.cn (UID 24778) |
|---|
| Submission | 2022-03-17 09:16 (4 years ago) |
|---|
| Moderation | 2022-03-17 11:26 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 195368 [DolphinPHP up to 1.5.0 User Management Page cross-site scripting] |
|---|
| Points | 20 |
|---|