unknownerror-bot
Product Homepage: http://www.mossle.com/index.do A CSRF vulnerability exists in the backstage. An attacker constructs a CSRF payload; once the administrator clicks on the malicious link, the component information is automatically added. There is an xss...
Hello, I found a stored XSS in the component editing feature of lemon v1.10.0 **Payload:** alert('cookie') File name: src\main\java\com\mossle\portal\web\PortalController.java line : 96~151 Code: ``` @RequestMapping("save") public String save(@RequestParam(value = "id", required = false) Long id, @RequestParam("portalWidgetId") Long portalWidgetId, @RequestParam("portalItemName") String portalItemName) { String userId...
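User input is not filtered or entity-encoded. Payload: alert/xss/) File name: blog/src/main/java/com/xuzijia/admin/blog/controller/ CommentAdminController.java Code:  Result:   Exploit code: the exp is as follows: reply with alert(/xss/) in the backend comment management; after clicking submit, a pop-up can be seen when viewing the conversation.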
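Spring info vulnerability: does it count as present as long as the status code is 200? If the status code is 200 but the response is a 404, will this also be reported as the address existing? Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback. Fri Aug 18 12:07:54 CST 2023 There...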