Discuz X2 Path Disclosure

2012-08-11T00:00:00
ID SSV:93664
Type seebug
Reporter Root
Modified 2012-08-11T00:00:00

Description

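Brief description:

The exit('Access Denied'); guard is missing, so browsing to the script directly produces an error. BTW, I found 7 XSS issues in total, both stored and reflected. I'll post them later once I've put them together more completely.

Details:

File path: /source/include/misc/misc_ranklist_index.php

Proof of vulnerability: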

<img src="https://images.seebug.org/upload/201208/11212129fb310bb13004a93f6f3dfda4895f303f.png" alt="" width="600">
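
An added example, not part of the original report and not Discuz's own code: a Python audit that walks source/include and lists PHP files that have no exit('Access Denied') guard near the top, which is the condition described above. The IN_DISCUZ constant check in the sample, the 15-line window and the sample files themselves are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a guard is an exit()/die() call carrying an "Access Denied"
# message among the first code lines, before any other logic runs.
GUARD_RE = re.compile(r"\b(?:exit|die)\s*\(\s*['\"]Access Denied['\"]\s*\)", re.I)
HEAD_LINES = 15  # assumption: the guard sits right after the file header


def strip_comments(php: str) -> str:
    """Drop /* */, // and # comments so a commented-out guard does not count."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)(?://|#).*$", "", php)


def has_guard(php: str) -> bool:
    """True if the first HEAD_LINES non-blank code lines contain the guard."""
    code = [ln for ln in strip_comments(php).splitlines() if ln.strip()]
    return bool(GUARD_RE.search("\n".join(code[:HEAD_LINES])))


def unguarded_includes(root: Path, subdir: str = "source/include"):
    """Return relative paths of PHP files under root/subdir lacking a guard."""
    base = root / subdir
    return sorted(
        p.relative_to(root).as_posix()
        for p in base.rglob("*.php")
        if not has_guard(p.read_text(encoding="utf-8", errors="replace"))
    )


def build_sample_tree(root: Path) -> None:
    """Write constructed sample files (not real Discuz source)."""
    misc = root / "source/include/misc"
    misc.mkdir(parents=True)
    (misc / "guarded.php").write_text(
        "<?php\n/* header */\nif(!defined('IN_DISCUZ')) {\n\texit('Access Denied');\n}\n$x = 1;\n")
    (misc / "commented_out.php").write_text(
        "<?php\n// exit('Access Denied');\n$rows = load_rows();\n")
    (misc / "missing.php").write_text(
        "<?php\n$rows = load_rows();\necho render($rows);\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for path in unguarded_includes(Path(tmp)):
            print("no direct-access guard:", path)
```

Pointing unguarded_includes at a real installation root gives a review list of include scripts that can be requested directly; each hit still needs a manual look, since a file may be protected by other means.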