Discuz (all versions) stored DOM XSS that can hit administrators, with four pitfalls of Discuz official development and a verification script - vulnerability warning - 黑吧安全网 (Heiba Security Net)

2015-06-08T00:00:00
ID MYHACK58:62201563385
Type myhack58
Reporter Anonymous
Modified 2015-06-08T00:00:00

Description

The Discuz editor JavaScript handles post content improperly, leading to a stored (DOM-based) XSS.

Reason:

The client-side JavaScript reads the post body through a native method that returns the element's HTML content (innerHTML). The server had escaped single and double quotes as HTML entities, but the browser decodes those entities when it parses the page and does not re-encode quotes when serializing text back through innerHTML, so the server-side escaping is effectively reversed before the bbcode-to-HTML conversion runs.

Code analysis:

The payload used for local testing against the latest version is: [align="onmouseover="alert(1)]

The official forum site quietly modified the code on 2015-1-21 so that more payloads are filtered, but two bypasses still work.

The affected page is the post edit form:

/forum.php?mod=post&action=edit&fid=xx&tid=xx&pid=xx&page=x
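The quote round-trip described above, as an added example that is not Discuz's code: it models the server-side entity escaping, the browser's innerHTML re-serialization (which escapes only &, <, > and non-breaking space in text nodes, never quotes), and a bbcode [align=...] converter in the vulnerable shape the write-up implies, next to a hardened variant. The regex, function names and the hardened design are assumptions for illustration, not the real bbcode.js.

```javascript
// Added example (not Discuz's code): models the quote round-trip behind the
// stored DOM XSS. The [align=...] regex, function names and the "hardened"
// variant are assumptions made for illustration.

// Server side (modeled on PHP htmlspecialchars with ENT_QUOTES): the stored
// post is written into the edit page with quotes and angle brackets as entities.
function serverEscape(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}

// Browser side (modeled): the HTML parser decodes entities into a text node...
function decodeEntities(html) {
  return html
    .replace(/&quot;/g, '"')
    .replace(/&#0?39;/g, "'")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// ...and element.innerHTML re-serializes that text node escaping only &, <, >
// and U+00A0 (the HTML serialization rule for text nodes). Quotes come out
// literally, so the server's &quot; is gone by the time the editor JS sees it.
function serializeTextNode(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function readInnerHTML(serverHtml) {
  return serializeTextNode(decodeEntities(serverHtml));
}

// Client-side bbcode -> HTML, vulnerable form (assumed shape): the align value
// is dropped straight into an attribute with no validation or quote handling.
function bbcodeToHtmlVulnerable(bbcode) {
  return bbcode.replace(/\[align=([^\]]*)\]/gi, '<div align="$1">');
}

// Hardened form (assumed): only a known set of values may become an attribute
// value; anything else is emitted as text with quotes entity-encoded. The
// innerHTML read already left &, < and > encoded, so only quotes need handling.
function bbcodeToHtmlHardened(bbcode) {
  const allowed = new Set(["left", "center", "right", "justify"]);
  return bbcode.replace(/\[align=([^\]]*)\]/gi, (tag, value) => {
    const v = value.trim().toLowerCase();
    if (allowed.has(v)) return `<div align="${v}">`;
    return tag.replace(/"/g, "&quot;").replace(/'/g, "&#039;");
  });
}

// True if the produced HTML carries an inline event-handler attribute
// (preceded by whitespace or a quote, i.e. parsed as a new attribute).
function hasEventHandlerAttr(html) {
  return /[\s"']on[a-z]+\s*=/i.test(html);
}

// Constructed sample input: the payload from the write-up as a poster types it.
const PAYLOAD = '[align="onmouseover="alert(1)]';

// Runs one post through the whole pipeline and returns every stage.
function demo(post) {
  const stored = serverEscape(post);        // what the server emits into the page
  const rendered = readInnerHTML(stored);   // what the editor JS gets via innerHTML
  return {
    stored,
    rendered,
    vulnerable: bbcodeToHtmlVulnerable(rendered),
    hardened: bbcodeToHtmlHardened(rendered),
  };
}

const result = demo(PAYLOAD);
console.log("stored:     " + result.stored);
console.log("rendered:   " + result.rendered);
console.log("vulnerable: " + result.vulnerable);
console.log("hardened:   " + result.hardened);
```

The vulnerable path yields `<div align=""onmouseover="alert(1)">`: the stray quote closes the empty align attribute and the HTML parser tolerates the missing space, so onmouseover becomes a real attribute. The fix is not more server-side escaping (that is exactly what innerHTML undoes) but validating or attribute-encoding the value at the point where the client builds markup.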

(Screenshots of the edit page are not preserved in this copy.)

/static/js/common.js: (screenshots not preserved)

/static/js/bbcode.js: (screenshot not preserved)

/static/js/editor.js: (screenshots not preserved)

Debugging process: (screenshots not preserved)