STCMS V3. 3 storm administrator password 0DAY vulnerability(figure a-vulnerability warning-the black bar safety net

Affected versions: STCMS V3. 3 Official address: Vulnerability causes: There is no filter$SERVER,causing the user can fake the$SERVERX-FORWARDED-FOR, so the malicious injection statement written to the database. ! Using the steps of: 1. Enter a comment on the page, the first comment A and capture...