{"type": "seebug", "lastseen": "2017-11-19T13:06:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "href": "https://www.seebug.org/vuldb/ssvid-94315", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "modified": "2015-03-31T00:00:00", "reporter": "Root", "description": "### \u7b80\u8981\u63cf\u8ff0\uff1a\n\nthinksaas\u6700\u65b0\u7248xss\n\n### \u8be6\u7ec6\u8bf4\u660e\uff1a\n\n\u6f0f\u6d1e\u6587\u4ef6\uff1a\\app\\group\\action\\create.php\n\n\n```\ncase \"do\":\n\t\n\t\tif($TS_APP['options']['iscreate'] == 0 || $TS_USER['user']['isadmin']==1){\n\t\t\t\n\t\t\t$groupname = trim($_POST['groupname']);//\u8fd9\u91cc\u6ca1\u6709\u8fc7\u6ee4\n\t\t\t$groupdesc = tsClean($_POST['groupdesc']);//\u91cd\u70b9\u51fd\u6570tsClean\u8fc7\u6ee4\u4e86\n\t\t\t\n\t\t\tif($groupname=='' || $groupdesc=='') {\n\t\t\t\ttsNotice('\u5c0f\u7ec4\u540d\u79f0\u548c\u4ecb\u7ecd\u4e0d\u80fd\u4e3a\u7a7a\uff01');\n\t\t\t}\n\t\t\t\n\t\t\t//\u8fc7\u6ee4\u5185\u5bb9\u5f00\u59cb\n\t\t\tif($TS_USER['user']['isadmin']!=1){\n\t\t\t\taac('system')->antiWord($groupname);\n\t\t\t\taac('system')->antiWord($groupdesc);\n\t\t\t}\n\t\t\t//\u8fc7\u6ee4\u5185\u5bb9\u7ed3\u675f\n\t\t\t\n\t\t\t//\u914d\u7f6e\u6587\u4ef6\u662f\u5426\u9700\u8981\u5ba1\u6838\n\t\t\t$isaudit = intval($TS_APP['options']['isaudit']);\n\t\t\tif($TS_USER['user']['isadmin']==1){\n\t\t\t\t$isaudit = 0;\n\t\t\t}\n\t\t\t\n\t\t\t$isGroup = $new['group']->findCount('group',array(\n\t\t\t\t'groupname'=>$groupname,\n\t\t\t));\n\t\t\t\n\t\t\tif($isGroup > 0) {\n\t\t\t\ttsNotice(\"\u5c0f\u7ec4\u540d\u79f0\u5df2\u7ecf\u5b58\u5728\uff0c\u8bf7\u66f4\u6362\u5176\u4ed6\u5c0f\u7ec4\u540d\u79f0\uff01\");\n\t\t\t}\n\t\t\t$groupid = $new['group']->create('group',array(\n\t\t\t\t'userid'\t=> $userid,\n\t\t\t\t'groupname'\t=> $groupname,\n\t\t\t\t'groupdesc'\t=> $groupdesc,\n\t\t\t\t'isaudit'\t=> $isaudit,\n\t\t\t\t'addtime'\t=> time(),//\u91cd\u70b9\uff0c\u8fd9\u91cc\u63d2\u5165\u8fdb\u53bb\uff0c\u672a\u8fc7\u6ee4\u3002\n\t\t\t));\n```\n\n\n \n\n### \u6f0f\u6d1e\u8bc1\u660e\uff1a\n\n\u5229\u7528\u8fc7\u7a0b\uff1a\n\u767b\u5f55-\u5c0f\u7ec4-\u521b\u5efa\u5c0f\u7ec4-\u5c0f\u7ec4\u540d\u79f0\u672a\u8fc7\u6ee4\u3002\n\n\n[<img src=\"https://images.seebug.org/upload/201503/2617283608a22de7fba4d9ef683997c4b613bb44.png\" alt=\"7.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201503/2617283608a22de7fba4d9ef683997c4b613bb44.png)\n\n\n\u521b\u5efa\u4e4b\u540e \n\n\n[<img src=\"https://images.seebug.org/upload/201503/261728574d3e71038c1106db1e20c424b5cd0d50.png\" alt=\"8.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201503/261728574d3e71038c1106db1e20c424b5cd0d50.png)\n\n\n1.\n\u70b9\u51fb\u53d1\u5e03\u5e16\u5b50\uff0c\u89e6\u53d1\u6f0f\u6d1e\n\n\n[<img src=\"https://images.seebug.org/upload/201503/261729210aa24d2cf383b58db3ce93e953b04c0b.png\" alt=\"9.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201503/261729210aa24d2cf383b58db3ce93e953b04c0b.png)\n\n\n2.\u8bbe\u7f6e-\u5c0f\u7ec4-\u521b\u5efa\u7684\u5c0f\u7ec4\n\n\n[<img src=\"https://images.seebug.org/upload/201503/26172943a024ee700d3176f51728b36e4dc98ea8.png\" alt=\"18.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201503/26172943a024ee700d3176f51728b36e4dc98ea8.png)", "bulletinFamily": "exploit", "references": [], "objectVersion": "1.4", "viewCount": 3, "status": "details", "sourceHref": "", "cvelist": [], "enchantments_done": [], "title": "thinksaas\u6700\u65b0\u7248xss", "id": "SSV:94315", "sourceData": "", "published": "2015-03-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [], "modified": "2017-11-19T13:06:01"}, "vulnersScore": 7.5}, "_object_type": "robots.models.seebug.SeebugBulletin"}

{}