Found xss vulnerability and Information Disclosure Vulnerability in post-edit.php

environment:

- php.7.3.4
- win10

First,you need to Login the backstage here:   /mc-admin/

![image](https://user-images.githubusercontent.com/63861767/178090196-1c6482b4-080f-4ccd-9e5f-ee7103f6d3ae.png)


Second,use payload:           /mc-admin/post-edit.php?id=%3Cscript%3Ealert%285%29%3C/script%3E

![image](https://user-images.githubusercontent.com/63861767/178090338-6d98cc90-f0a5-492d-9356-d3c4cf4be06c.png)


you will see Pop-ups,then click here :

![image](https://user-images.githubusercontent.com/63861767/178090374-84b91b60-37b3-433e-bdb3-89b49860b821.png)

you will see Web Directory leak out like this:

![image](https://user-images.githubusercontent.com/63861767/178090466-a98f003e-1922-4ccd-bc39-76f046cc4a2e.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Found xss vulnerability and Information Disclosure Vulnerability in post-edit.php #46

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Found xss vulnerability and Information Disclosure Vulnerability in post-edit.php #46

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions