Vulnerability Analysis and Testing
I. When logging in, enter the XSS payload in the user name field
<script>alert(/xss/)</script>
II. The XSS payload is taken as the user name and stored in the database
/jeeweb-web/jeeweb-admin/src/main/java/cn/jeeweb/web/modules/sys/entity/LoginLog.java
III. The XSS is triggered when the administrator checks "Log-in Log" after login
/jeeweb-web/jeeweb-admin/src/main/java/cn/jeeweb/web/modules/sys/entity/LoginLog.java