Visit to /install
The source code
\install\index.php uses the file_exists function to determine if the install.lock file exists.
If there is a problem with the permission settings at this time, file_exists may not be able to read the file, and the function will return false, which can result in reloading.
Can be used with the previous vulnerability, enter some special characters on the installation page.
Access any address after installation, such as the home page http://www.a.com:81/
The following vulnerabilities are all stored XSS, the main reason is that the user's input is not restricted and filtered.
Here is a unified description of the vulnerability: after the administrator logs in, you can modify and insert the XSS statement. It can be seen in the given code that the addition and modification do not limit the user's input, so the attacker can construct the statement. Inserted into it, causing XSS vulnerabilities