Vulnerability Product:ForestBlog
Vulnerability version: all
Vulnerability type: Stored XSS
Vulnerability Details:
<script>alert(document.cookie)</script>
the Stored XSS payload could let admin causes disclosure of cookies、root path of websites、variables of PHP and stuff
-
Login link: http://forestblog.liuyanzhao.com/login
I registered my own account here
Account: linkk
Password: linkk
-
When writing the article title or content, enter<script>alert (document. cookie)</script>
Click to publish
-
Click on the homepage to view this article
Discovered that xss was triggered
Vulnerability Product:ForestBlog
<script>alert(document.cookie)</script>Vulnerability version: all
Vulnerability type: Stored XSS
Vulnerability Details:
the Stored XSS payload could let admin causes disclosure of cookies、root path of websites、variables of PHP and stuff
Login link: http://forestblog.liuyanzhao.com/login
I registered my own account here
Account: linkk
Password: linkk
When writing the article title or content, enter<script>alert (document. cookie)</script>
Click to publish
Click on the homepage to view this article
Discovered that xss was triggered