4 matches found
discuz! x3.0 /static/image/common/focus.swf 跨站脚本漏洞
No description provided by source...
discuz! x3.0 /static/image/common/flvplayer.swf 跨站脚本漏洞
No description provided by source...
Discuz X3.0存储型XSS(应该是通杀)
简要描述: 过滤的不严格 详细说明: DZ3的日志功能,tamper data抓包并修改可插入恶意xss代码。 有效payload如下: 我还在那个什么叫习科的论坛上测试了一下,他们应该是dz2.5 也成功了。 在个人空间发布日志,利用方法和上面的一样。 漏洞证明: 第一张是dz3的最新版 我下了个GBK version: 第二张是习科的...
dz3. 0/2. 5 Background to get shell-vulnerability warning-the black bar safety net
To work seen after the tick community has released a discuz x3 the background to get the shell method, then t00ls members also tested discuz x2. 5 the background to get the shell method. A good ass is I tested didn't, caught the packet and the given case is not the same now! After the study found...