ThinkSAAS最新版2.4 Xss漏洞
简要描述: 未过滤 详细说明: 先看写入代码: /var/www/html/thinksaas/app/my/action/setting.php case "citydo": $province = trim$POST'province'; $city = trim$POST'city';//只过滤两处空白 //这里就直接写入数据库了 $new'my'-update'userinfo',array 'userid'=$userid, ,array 'province'=$province, 'city'=$city, ; tsNotice"常居地更新成功!"; break; Updat...