top-think / framework

ThinkPHP Framework
http://www.thinkphp.cn

Fix XSS vulnerability on the exception page caused by unencoded $key #2997

Closed big-dream closed 2 months ago

big-dream commented 3 months ago

Fix the XSS vulnerability on the exception page

Request

GET http://127.0.0.1:8080/?%3Cscript%3Eeval(atob(`YWxlcnQoJzEyMycp`))%3C/script%3E=1

Controller

<?php

namespace app\controller;

class Index
{
    // Reproducer: ThinkPHP binds a non-class-typed action parameter from the
    // request variable of the same name. The request above carries no "params"
    // variable, so parameter binding fails and the framework throws. In debug
    // mode the resulting exception page lists the request's GET variables,
    // and it is the unencoded array key in that table that this PR fixes.
    public function index(array $params)
    {
    }
}

2996
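The rendering defect behind this PR, as an added example that is not part of the PR or of ThinkPHP's own exception template: a minimal stand-in for the "request parameters" table of a debug exception page, rendered once with the key echoed raw (the reported bug) and once with the key passed through htmlentities() like the value (the fix). The function names, the table layout and the query string (taken from the reproducer request above) are assumptions made for the example.

```php
<?php
// Added example, not ThinkPHP code: a reduced model of the request-parameter
// table on a debug exception page, in a vulnerable and a hardened variant.

// Constructed input: the query string of the reproducer request above.
// parse_str() URL-decodes it, so the key becomes a literal <script> tag.
$query = '%3Cscript%3Eeval(atob(`YWxlcnQoJzEyMycp`))%3C/script%3E=1';
parse_str($query, $get);

function escape(string $s): string
{
    // ENT_QUOTES so the result is also safe inside attribute values.
    return htmlentities($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Before the fix: the value is encoded, the key is interpolated as-is.
function renderVulnerable(array $vars): string
{
    $html = "<table>\n";
    foreach ($vars as $key => $val) {
        $html .= "<tr><td>{$key}</td><td>" . escape((string) $val) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// After the fix: key and value both go through htmlentities().
function renderFixed(array $vars): string
{
    $html = "<table>\n";
    foreach ($vars as $key => $val) {
        $html .= '<tr><td>' . escape((string) $key) . '</td><td>'
               . escape((string) $val) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Check used below: does the markup still contain a live <script> tag?
function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo "vulnerable:\n", renderVulnerable($get);
var_dump(containsScriptTag(renderVulnerable($get)));

echo "fixed:\n", renderFixed($get);
var_dump(containsScriptTag(renderFixed($get)));
```

Run it with `php example.php`: the first table carries the script tag verbatim, the second carries `&lt;script&gt;...`. The general point for any debugging or error page is that every request-controlled string reaching the HTML, array keys included, needs the same output encoding as the values; encoding only the obvious half leaves the bug in place.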