top-think / framework

ThinkPHP Framework
http://www.thinkphp.cn

Fix the exception-page XSS vulnerability caused by the unencoded $key (ThinkPHP 6.0) #3001

Closed big-dream closed 2 months ago

big-dream commented 2 months ago

Fix the XSS vulnerability on the exception page

GET http://127.0.0.1:8080/?%3Cscript%3Eeval(atob(`YWxlcnQoJzEyMycp`))%3C/script%3E=1
<?php

namespace app\controller;

// Controller used to reproduce the issue: the `array $params` argument has no
// class type and no default, and the request above carries no `params` value,
// so the framework cannot bind it and throws a missing-parameter exception.
// The resulting debug exception page listed the request's GET data, and the
// parameter *key* was written into the HTML without encoding.
class Index
{
    public function index(array $params)
    {
        // Intentionally empty: reaching this body is not required; the
        // exception is raised while binding the parameters.
    }
}
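As an added illustration of the defect this PR fixes (example code, not ThinkPHP's own exception renderer), the vulnerable pattern is shown next to the hardened form: a debug page that dumps request parameters escapes the values but forgets that the keys are attacker-controlled too. The function names and the sample input below are constructed for this example.

```php
<?php
// Constructed example: a minimal exception/debug page fragment that renders
// request parameters as an HTML table. Not ThinkPHP code; function names and
// the sample array are assumptions for illustration.

/** Vulnerable pattern: the value is escaped, the key is interpolated raw. */
function renderParamsVulnerable(array $params): string
{
    $html = "<table>\n";
    foreach ($params as $key => $value) {
        $html .= '<tr><td>' . $key . '</td><td>'
               . htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
               . "</td></tr>\n";
    }
    return $html . '</table>';
}

/** One escaper for every untrusted string that lands in HTML text or attributes. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Fixed pattern: keys and values go through the same escaper. */
function renderParamsFixed(array $params): string
{
    $html = "<table>\n";
    foreach ($params as $key => $value) {
        // Array keys may be integers in PHP, hence the cast before escaping.
        $html .= '<tr><td>' . e((string) $key) . '</td><td>' . e((string) $value) . "</td></tr>\n";
    }
    return $html . '</table>';
}

// Constructed sample: a query-string key that contains markup, as a GET request
// can supply it ($_GET keys are not sanitised by PHP beyond dot/space rewriting).
$sample = ['<b>injected</b>' => '1', 'page' => '2'];

echo renderParamsVulnerable($sample), "\n";
echo renderParamsFixed($sample), "\n";

// Regression check of the kind this PR warrants: the hardened renderer must not
// emit the key's raw markup. Fails loudly if the escaper is bypassed.
if (strpos(renderParamsFixed($sample), '<b>') !== false) {
    throw new RuntimeException('parameter key reached the page unescaped');
}
```

The check at the end is the test a maintainer would want alongside the fix: feed a parameter whose key carries markup and assert that the rendered page contains only the entity-encoded form. Escaping with ENT_QUOTES matters because the same key may be echoed inside an attribute on the debug page, not only between tags. Independently of the encoding fix, the detailed exception page is a debug feature and should not be enabled on production deployments, which limits exposure of this class of bug to development environments.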