pengge
commented
1 year ago 请考虑使用全局过滤,防止攻击,更改后需要检测业务是否存在影响。或者使用相关WAF拦截 application\config.php
'default_filter' => 'htmlspecialchars,addslashes,strip_tags',
Closed zhangzhijie98 closed 4 months ago
pengge
commented
1 year ago 请考虑使用全局过滤,防止攻击,更改后需要检测业务是否存在影响。或者使用相关WAF拦截 application\config.php
'default_filter' => 'htmlspecialchars,addslashes,strip_tags',
version:1.5.1 Vulnerability location:Background - > System - > system function - > configuration management.
Add a new configuration,and insert payload in the configuration title
payload: t">
Save and refresh the page. Pop up window.
payload: <img src=x onerror=alert("xss")>
When you visit this page, a pop-up window will pop up.