Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: V5.5 Cross Site Scripting Vulnerability #3

Open
zhouxingixng opened this issue Jan 9, 2019 · 1 comment
Open

Bug: V5.5 Cross Site Scripting Vulnerability #3

zhouxingixng opened this issue Jan 9, 2019 · 1 comment

Comments

@zhouxingixng
Copy link

There is an xss vulnerability in your latest version of the v5.5

In the PHPMyWind_5.5/admin/templates/html/default.html:
image

2.Steps To Reproduce:
image
image

Fix:

  1. Strictly verify user input, you must perform strict checks and html escape escaping on all input scripts, iframes, etc. The input here is not only the input interface that the user can directly interact with, but also the variables in the HTTP request in the HTTP request, the variables in the HTTP request header, and so on.
  2. Verify the data type and verify its format, length, scope, and content.
  3. Not only need to be verified on the client side but also on the server side.
  4. The output data should also be checked. The values in the database may be output in multiple places on a large website. Even if the input is coded, the security check should be performed at the output points.
@duyueping
Copy link
Collaborator

thank you very much

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants