The vulnerability appears in line 27 of QCMS/upload/System/Controller/guest.php

$result = $this->_guestObj->insert(array('title' => $_POST['title'], 'name' => $_POST['name'], 'email' => $_POST['email'], 'content' => $_POST['content'], 'addtime' => time()));

You can see that every POST field is written to the database as submitted, without any sanitization. The following is the entire code.

The submitted content is only checked for being empty, so an attacker can insert XSS payloads that are stored and later rendered.


After submitting, the front end is found to display only the title, name, and content parameters, while the backend shows the title, name, and email parameters:
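As an added example (not QCMS's own code), the vulnerable insert pattern quoted above placed beside a hardened version. It assumes the same `insert(array)` method on the guest object that the page shows; the function names, the field length limits and the `e()` escaping helper are hypothetical.

```php
<?php
// Added example (not QCMS code): the pattern from guest.php beside a hardened form.
// Assumes the $guestObj->insert(array) API quoted on the page; all other names are hypothetical.

// Vulnerable: every POST field is stored untouched. Only an empty check (as the page
// describes) stands between the request and the stored record.
function insertGuestVulnerable($guestObj, array $post) {
    if ($post['content'] === '') {
        return false;
    }
    return $guestObj->insert(array(
        'title'   => $post['title'],
        'name'    => $post['name'],
        'email'   => $post['email'],
        'content' => $post['content'],
        'addtime' => time(),
    ));
}

// Hardened: validate each field on the way in (required fields, length limits, email syntax).
// Validation alone does not stop XSS; the stored value is still raw, so every place that
// renders it (front end and backend alike) must escape it with e() below.
function insertGuestHardened($guestObj, array $post) {
    $title   = trim((string)($post['title'] ?? ''));
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $content = trim((string)($post['content'] ?? ''));

    if ($title === '' || $name === '' || $content === '') {
        return false;
    }
    if (mb_strlen($title) > 100 || mb_strlen($name) > 50 || mb_strlen($content) > 2000) {
        return false;
    }
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return $guestObj->insert(array(
        'title' => $title, 'name' => $name, 'email' => $email,
        'content' => $content, 'addtime' => time(),
    ));
}

// Output escaping for every template that prints a guestbook field, so a stored
// "<script>" tag is rendered as text rather than executed in the viewer's browser.
function e($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample: a stored payload is neutralized at render time.
echo '<li>' . e('<script>alert(1)</script>') . '</li>';
```

The escaping must be applied in both the front-end and backend templates, since the page shows the same stored fields being displayed in each.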