First ,we need to configure a CMS environment locally
Open the website:http://typecho.org/download
Unzip them to the server directory and install this CMS
Third,create an article and open it.And comment the payload“alert(1) ” below it
we can see it was HTML materialization,now we get into manage page:
in this manage page ,we can see that “<script>” is filtered
I guess the system filters a tag,so Let's try double writing “<script>” here,then just like this page:
then ,the browser alert a xss payload!
