大米CMS v4.9: stored XSS that bypasses the filter (with a PoC that adds an administrator)
Brief description: as titled.

Details: the removexss function is far too weak.

    function removexss($val) {
        // remove all non-printable characters. CR(0d), LF(0a) and TAB(09) are allowed
        // this prevents some character re-spacing such as <java\0script>
        // note that you have to handle splits with \n, \r, and \t later since they are allowed in some inputs
        $val = ...
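An added example, written for this page and not taken from the original post or from 大米CMS: it re-implements only the first step that the quoted comment describes (dropping non-printable bytes while keeping TAB, LF and CR), pairs it with a hypothetical keyword blacklist of the kind a removexss-style filter goes on to apply, and contrasts that blacklist approach with encoding at output time. The function names strip_nonprintables, blacklist_filter and encode_for_html and the banned-token list are assumptions made here; the three inputs are constructed.

```php
<?php
// Added example, not part of the original post or of 大米CMS.

/** Step the quoted comment describes: strip non-printables except \t \n \r. */
function strip_nonprintables(string $val): string
{
    // 0x00-0x08, 0x0b, 0x0c and 0x0e-0x1f are removed; 0x09, 0x0a, 0x0d survive.
    return preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);
}

/** Hypothetical blacklist filter in the style of removexss(): normalise, then delete known-bad tokens. */
function blacklist_filter(string $val): string
{
    $val = strip_nonprintables($val);
    // Assumed token list; a real filter has a longer one, but the failure mode is the same.
    $banned = ['javascript:', '<script', 'onerror', 'onload'];
    foreach ($banned as $token) {
        $val = str_ireplace($token, '', $val);   // single pass, case-insensitive
    }
    return $val;
}

/** Allowlist approach: encode for the HTML text/attribute context when the value is rendered. */
function encode_for_html(string $val): string
{
    return htmlspecialchars($val, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs.
$respaced = "<a href=\"java\0script:alert(1)\">x</a>";  // the NUL re-spacing the comment mentions
$payload  = '<img src=x onmouseover=alert(1)>';        // contains no banned token at all
$nested   = '<scr<scriptipt>alert(1)</script>';         // removing "<script" once re-forms the tag

// blacklist_filter($respaced): the NUL is stripped first, so "javascript:" is then matched
//   and deleted; this is the one case the filter handles as intended.
// blacklist_filter($payload):  returned unchanged; an event handler outside the list passes.
// blacklist_filter($nested):   becomes "<script>alert(1)</script>" because str_ireplace
//   deletes the inner "<script" in one pass and the fragments around it join up.
// encode_for_html(): every '<', '>', '"' and "'" becomes an entity, so all three render as inert text.
foreach ([$respaced, $payload, $nested] as $input) {
    printf("blacklist: %s\nencoded:   %s\n\n", blacklist_filter($input), encode_for_html($input));
}
```

The point for a fix is the last function: a blacklist can only remove what it already knows about, and single-pass deletion can be turned against it, whereas encoding the value for the context it is inserted into does not depend on recognising the payload.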