
The PHP version of Feifei Movie and Television System V2.7.130201 has a stored XSS vulnerability

Feifei V2.7.130201 installation package: https://www.tongyixiazai.com/soft/10001228.html

Reproduction environment:

Windows 10

Phpstudy

Vulnerability description:

The vulnerability exists in \Public\system\slide_add.html: no special characters are filtered when a slide is added, resulting in a stored XSS vulnerability.

Vulnerability reproduction:

In Extension tool - Add slide, enter the script <style onload=alert(1)> in the introduction parameter of the homepage slide. This results in a stored XSS vulnerability, as shown in the figure.

image

image

image

As can be seen from the following figure, in the file \Public\system\slide_add.html, the parameters submitted when adding a homepage slide are written to the database for update without any processing.

image
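
Mitigation sketch for the pattern described above, as an added example that is not Feifei's own code: the stored slide introduction is checked when saved and HTML-encoded when rendered. The function names, array keys and the 255-byte limit are assumptions made for illustration, and the sample row is constructed.

```php
<?php
// Added example, not code from the Feifei project. Names are hypothetical.

// Constructed sample row: what the slide table would hold after the input
// from the write-up was saved without any processing.
$slide = [
    'title'   => 'Homepage slide 1',
    'content' => '<style onload=alert(1)>',
];

// Input side: reject values that are too long or carry control characters.
// This narrows what can be stored; it does not replace output encoding.
function validate_slide_intro(string $value, int $maxBytes = 255): string
{
    $value = trim($value);
    if (strlen($value) > $maxBytes) {
        throw new InvalidArgumentException('slide introduction too long');
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('control characters not allowed');
    }
    return $value;
}

// Output side: encode for the HTML body/attribute context at render time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function render_slide_unsafe(array $slide): string
{
    return '<div class="slide"><p>' . $slide['content'] . '</p></div>';
}

// Hardened pattern: every stored field passes through h() before output.
function render_slide_safe(array $slide): string
{
    return '<div class="slide"><h3>' . h($slide['title']) . '</h3><p>'
         . h(validate_slide_intro($slide['content'])) . '</p></div>';
}

echo render_slide_unsafe($slide), PHP_EOL; // markup reaches the browser intact
echo render_slide_safe($slide), PHP_EOL;   // rendered as inert text
```

Encoding at output also neutralizes rows that were stored before any input check existed, which is why it belongs in the template path rather than only in the add-slide handler.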