2 matches found
Discuz 4.0 头像设置处可以持久型脚本
简要描述: Discuz 4.0 头像设置处可以post xss脚本, 可能是个老漏洞了,在内网的论坛上发现的,不知道是否没升级…… 详细说明: Discuz 4.0 头像设置处,先选一个系统自带头像,提交,抓包。 将头像地址【customavatars/190.jpg】替换为xss脚本【javascript:alert/x/】,post提交后,所有头像引用代码辩位;可以成功执行。 不过引号、,等会被替换或编码,必须构造无引号的语句 漏洞证明:...
CVE-2005-2614
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php...