XSS vulnerability exists in phpwind
phpwind has an XSS vulnerability in the default template.
Tested against the demo site on the official website; the latest version is affected in the same way.
URL: http://demo.phpmywind.com/
Vulnerable URL: http://demo.phpmywind.com//goodsshow.php?cid=12&tid=10&id=1
Start a packet capture, then click "Buy now".
POST:

    POST /shoppingcart.php?a=addshopingcart HTTP/1.1
    Host: demo.phpmywind.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
    Accept: text/html, */*; q=0.01
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    X-Requested-With: XMLHttpRequest
    Content-Length: 71
    Origin: http://demo.phpmywind.com
    Connection: keep-alive
    Referer: http://demo.phpmywind.com/goodsshow.php?cid=12&tid=10&id=1

    typeid=10&goodsid=1&buynum=1&attrid_1=%E9%BB%91%E8%89%B2&attrid_2=WCDMA
Modify the attrid_1 parameter so that its value is a JavaScript statement.
The script is triggered successfully.
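
The request above shows that attrid_1 is taken from the client and later rendered without encoding. The following is an added example, not code from the application or from this report: one way to close the issue is to accept only attribute values the server already knows for the product and to HTML-encode the value on output. The allow-list table, the function names `validate_cart_attrs` and `h`, and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler logic, not the application's source code.

// Assumption: the server knows which values each attribute of a product may take.
// Constructed sample data mirroring the request above (goodsid=1).
const ALLOWED_ATTRS = [
    1 => [
        'attrid_1' => ['黑色', '白色'],
        'attrid_2' => ['WCDMA', 'CDMA2000'],
    ],
];

/**
 * Return the validated cart attributes, or null if the product is unknown
 * or any attribute value is not on the allow-list.
 */
function validate_cart_attrs(int $goodsId, array $post): ?array
{
    if (!isset(ALLOWED_ATTRS[$goodsId])) {
        return null;
    }
    $clean = [];
    foreach (ALLOWED_ATTRS[$goodsId] as $name => $allowed) {
        $value = $post[$name] ?? null;
        // Strict comparison: rejects arrays, missing keys and unknown strings.
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            return null;
        }
        $clean[$name] = $value;
    }
    return $clean;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a legitimate request body, and one carrying markup in attrid_1.
$good = ['attrid_1' => '黑色', 'attrid_2' => 'WCDMA'];
$bad  = ['attrid_1' => '黑色"><i>x</i>', 'attrid_2' => 'WCDMA'];

// The legitimate body passes validation; the tampered one is rejected before storage.
var_dump(validate_cart_attrs(1, $good) !== null);
var_dump(validate_cart_attrs(1, $bad) === null);

// Defence in depth: a value that still reaches the template is rendered as inert text.
echo h($bad['attrid_1']), PHP_EOL;
```

Validation alone is not sufficient if other code paths can write cart attributes, so the output encoding should be applied wherever the value is rendered.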