Vulnerability Product: funboot
Vulnerability version: v1.1
Vulnerability type: Stored XSS
Vulnerability Details:
<script>alert(document.cookie)</script>
The stored XSS payload, when triggered by an admin, can disclose cookies, the website root path, PHP variables, and similar information.
- First, log in: https://www.funboot.net/backend/site/login
  Default account: test
  Default password: 123456

- After logging in, create a message in the message list.

- When creating a message, the user, title, and content can be selected.
  The title field was found to accept malicious code, which results in a stored XSS that can obtain user information and access it over the network.

- Clicking on 'sent' triggers the pop-up showing the cookie information.

This proves the existence of the stored XSS.
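
The fix pattern for the title field described above, as an added example in plain PHP. It is not funboot's code: the row layout and the function names are hypothetical, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored messages (hypothetical schema).
$messages = [
    ['id' => 1, 'title' => 'Maintenance window'],
    ['id' => 2, 'title' => '<script>alert(document.cookie)</script>'], // payload from the report
];

// Vulnerable pattern: the stored title is concatenated into HTML unchanged,
// so the browser parses it as markup when the list is viewed.
function renderRowUnsafe(array $m): string
{
    return '<tr><td>' . $m['id'] . '</td><td>' . $m['title'] . '</td></tr>';
}

// Hardened pattern: encode on output for the HTML text context, so the
// title is displayed as literal characters instead of being parsed.
function renderRowSafe(array $m): string
{
    $title = htmlspecialchars((string) $m['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . (int) $m['id'] . '</td><td>' . $title . '</td></tr>';
}

// Defense in depth against the cookie disclosure in the report: HttpOnly
// keeps the session cookie out of document.cookie. Pass the array to
// session_set_cookie_params() before session_start() (PHP 7.3+).
function hardenedSessionCookieParams(): array
{
    return ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

foreach ($messages as $m) {
    echo 'unsafe: ', renderRowUnsafe($m), PHP_EOL;
    echo 'safe:   ', renderRowSafe($m), PHP_EOL;
}
```

Encoding belongs at render time in every view that prints the title, since the value is already stored and may be shown in more than one place.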