Hello,
I would like to report an XSS vulnerability.
In file AdminBaseController.class.php, line 20:

```php
redirect(U('Admin/Login/login'));
```

In file https://github.com/baijunyao/thinkphp-bjyblog/blob/master/ThinkPHP/Mode/Api/functions.php, function U:

```php
// line 869
$domain = $host.(strpos($host,'.')?'':strstr($_SERVER['HTTP_HOST'],'.'));
// line 999
$url = (is_ssl()?'https://':'http://').$domain.$url;
// line 1003
return $url;
```

function redirect:

```php
// line 694
$url = str_replace(array("\n", "\r"), '', $url);
// line 707
$str = "<meta http-equiv='Refresh' content='{$time};URL={$url}'>";
// line 709
exit($str);
```
The exit function will terminate the script and print the message to the user, which has $_SERVER['HTTP_HOST']. Then there is an XSS vulnerability.
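The source-to-sink flow described above, as an added example that is not the project's code: `build_domain`, `build_meta_refresh`, `trusted_host` and `build_meta_refresh_safe` are assumed names that mirror the quoted U() and redirect() fragments, the hardening shown is an assumption rather than the project's actual fix, and the Host header value is constructed.

```php
<?php
// Added example, not the project's code: reproduces the flow the report describes,
// $_SERVER['HTTP_HOST'] -> $domain -> $url -> <meta http-equiv='Refresh'> -> exit().

// Mirrors the quoted U() logic: a host without a dot borrows the domain
// suffix from the request's Host header.
function build_domain(string $host, string $http_host): string {
    return $host . (strpos($host, '.') ? '' : strstr($http_host, '.'));
}

// Mirrors the quoted redirect(): CR/LF are stripped, but quotes and angle
// brackets coming from the Host header reach the HTML unescaped.
function build_meta_refresh(string $url, int $time = 0): string {
    $url = str_replace(array("\n", "\r"), '', $url);
    return "<meta http-equiv='Refresh' content='{$time};URL={$url}'>";
}

// Assumed hardening (not the project's commit): never trust the Host header
// unless it is on a configured allowlist, and HTML-escape the URL anyway.
function trusted_host(string $http_host, array $allowed_hosts, string $fallback): string {
    return in_array(strtolower($http_host), $allowed_hosts, true) ? $http_host : $fallback;
}

function build_meta_refresh_safe(string $url, int $time = 0): string {
    $url = str_replace(array("\n", "\r"), '', $url);
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<meta http-equiv='Refresh' content='{$time};URL={$safe}'>";
}

// Constructed request: the Host header carries a quote and an angle bracket.
$http_host = "www.example.com'><b>injected</b>";
$allowed   = ['www.example.com'];

// Vulnerable path: the tampered host lands inside the meta tag unescaped,
// so the attribute is closed early and the injected markup is rendered.
$url = 'http://' . build_domain('www', $http_host) . '/Admin/Login/login';
echo build_meta_refresh($url), "\n";

// Hardened path: the untrusted host is replaced by the configured one and
// the URL is escaped, so the quote and angle bracket stay inert text.
$url = 'http://' . build_domain('www', trusted_host($http_host, $allowed, 'www.example.com')) . '/Admin/Login/login';
echo build_meta_refresh_safe($url), "\n";
```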
Fix XSS vulnerability (#6)
3254d6c
Fixed, thank you very much.
Thank you for your response.
CVE-2021-43682 is assigned to this discovery.
thinkphp-bjyblog is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function will terminate the script and print the message to the user which has $_SERVER['HTTP_HOST'].
Similar sinks that I can see where a source is passed to them (possible vulnerabilities):

In file https://github.com/baijunyao/thinkphp-bjyblog/blob/master/ThinkPHP/Mode/Api/Controller.class.php:

```php
// line 61
exit(json_encode($data));
// line 69
$handler = isset($_GET[C('VAR_JSONP_HANDLER')]) ? $_GET[C('VAR_JSONP_HANDLER')] : C('DEFAULT_JSONP_HANDLER');
exit($handler.'('.json_encode($data).');');
```

In file https://github.com/baijunyao/thinkphp-bjyblog/blob/master/ThinkPHP/Library/Think/Controller.class.php:

```php
// line 216
exit(json_encode($data,$json_option));
// line 224
$handler = isset($_GET[C('VAR_JSONP_HANDLER')]) ? $_GET[C('VAR_JSONP_HANDLER')] : C('DEFAULT_JSONP_HANDLER');
exit($handler.'('.json_encode($data,$json_option).');');
```