New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

page.php maybe has some vul #2

Open

1iK3 opened this issue May 25, 2018 · 2 comments

1iK3 commented May 25, 2018 •

edited

Loading

When I visit the next three url, my code will be injected to the source code of the page at the location of page number area.
http://localhost/wind/newsshow.php?cid=4"onmouseover='FeGh(9201)&id=19
http://localhost/wind/news.php?"onmouseover='FeGh(9201)'bad="
http://localhost/wind/about.php?"onmouseover='B427(9671)'bad="

Then, you can use browser check the source code cf the page, you will find the payload code in the code where is page number area.

The vul coursed by the "$nowurl" in “page.class.php"

Collaborator

duyueping commented Sep 10, 2018

Can you describe it in detail? thank you very much

NicoleG25 commented Jan 2, 2020 •

edited

Loading

Was this issue ever addressed? please note that CVE-2018-11487 was assigned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment