MiniCMS
An extremely simple content management system for personal websites
Vulnerability location: date parameter /MiniCMS-1.11/mc-admin/page.php?state=draft&date=2024-04 Payload: alert(123) Access the address with payload after login: /MiniCMS-1.11/mc-admin/page.php?state=draft&date=2024-04alert(123) Then we can find it triggering the XSS vulnerability:
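Dear author: how many articles can this CMS hold? If I write 9000 articles, will the loading speed be rather slow and the efficiency low? Also, how is the security of the CMS? Will hackers look for vulnerabilities to attack it?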
1. Download source code audit. It was found that the date parameter in the post.php file was not filtered during output. ```php # line 245 function goto_page(e) { var evt = e...
Environment: - php.7.3.4 - win10 First, you need to log in to the backstage here: /mc-admin/ Second, use payload: /mc-admin/post-edit.php?id=%3Cscript%3Ealert%285%29%3C/script%3E You will see pop-ups, then click here: you will see Web...
Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; Markdown_Parser has a deprecated constructor in /home/ftp/f/fgjqikdf/wwwroot/mc-files/markdown.php on line 223 Deprecated:...
First, click to enter the creation page. Then, enter XSS payload in the content bar and remember to choose publish. Click to view. OK!
 
 revise admin password 
Use CSRF vulnerability to delete multiple pages. It was found in mc-admin/page.php. This vulnerability is similar to CVE-2019-9603 but at a different place. 1. If admin creates new pages like ccc,aaa...
One: use CSRF vulnerability to delete article. Vulnerability details: When the administrator logs in, opening the webpage will automatically delete the specified article. Vulnerability URL: http://127.0.0.1/MiniCMS/mc-admin/post.php Vulnerability POC: