Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In the install/database.php
line 9:$cur_lang = $_REQUEST['lang'] ? $_REQUEST['lang'] :"zh";
$cur_lang = $_REQUEST['lang'] ? $_REQUEST['lang'] :"zh";
$cur_langaccept the parameter from the $_REQUEST['lang'],then in the line:142
$cur_lang
$_REQUEST['lang']
<input type="hidden" value="<?php echo $cur_lang;?>" id="lang">
put the parameter directly in the html
i reproduce the attack in the docker.
after set up the docker, just open the url:http://127.0.0.1:4999/install/database.php?lang=%22%3E%3Csvg/onload=alert(/lambdax/)%3E
then:
the source code:
remove install.lock if you want to reproduce it again
The text was updated successfully, but these errors were encountered:
It is ok . Nobody will visit this url before install . And nobody can visit this url afer install
Sorry, something went wrong.
Yep.thank you for your reply.
No branches or pull requests
In the install/database.php
line 9:
$cur_lang = $_REQUEST['lang'] ? $_REQUEST['lang'] :"zh";$cur_langaccept the parameter from the$_REQUEST['lang'],then in the line:142<input type="hidden" value="<?php echo $cur_lang;?>" id="lang">put the parameter directly in the html
i reproduce the attack in the docker.
after set up the docker, just open the url:http://127.0.0.1:4999/install/database.php?lang=%22%3E%3Csvg/onload=alert(/lambdax/)%3E
then:
the source code:
remove install.lock if you want to reproduce it again
The text was updated successfully, but these errors were encountered: