Stored XSS when an administrator edits posts in the same group, or just clicks a URL
Ways to reproduce:
1 admin1 creates a new group with the following request; notice that malicious code has been injected in the groupname param.
2 admin1 invites admin2 as an administrator of this new group and posts anything. PS: one can invite anyone as a group administrator without their agreement.
3 Once admin2 edits any post in this group, or just clicks http://yourdomian/thinknew/index.php?app=group&ac=topicedit&topicid={your_topic_id_which_easy_to_get}, admin2 will execute the JS code that was injected in the group name.
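A sketch of the fix for the report above, added here as an example and not taken from the project's code: the stored group name is HTML-encoded when the topic edit page is rendered, and group names are restricted to plain text at creation. The function names, the page markup, the hidden `groupname` field and the 64-character limit are assumptions; the sample group name is constructed.

```php
<?php
// Added example: hypothetical helpers, not the project's own code.

// Constructed sample: a stored group name that carries markup (step 1).
$storedGroupName = 'Cats"><script>alert(1)</script>';

// Before: the stored value is concatenated into the edit page as-is,
// so markup in it becomes part of the page that admin2 loads (step 3).
function renderTopicEditUnsafe(string $groupName): string
{
    return '<h2>Edit topic in ' . $groupName . '</h2>'
         . '<input type="hidden" name="groupname" value="' . $groupName . '">';
}

// After: encode at output time. ENT_QUOTES covers both quote styles, so
// the same helper is safe in element content and in quoted attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderTopicEditSafe(string $groupName): string
{
    return '<h2>Edit topic in ' . h($groupName) . '</h2>'
         . '<input type="hidden" name="groupname" value="' . h($groupName) . '">';
}

// Defense in depth at write time: accept only letters, digits, spaces,
// underscores and hyphens, 1 to 64 characters (assumed policy).
function validateGroupName(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} _\-]{1,64}$/u', $name) === 1;
}

$unsafe = renderTopicEditUnsafe($storedGroupName);
$safe   = renderTopicEditSafe($storedGroupName);

// Does a raw <script> tag survive into each rendering?
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);

// Is each name accepted when a group is created?
var_dump(validateGroupName($storedGroupName));
var_dump(validateGroupName('Cat lovers 2024'));
```

Encoding on output is the control that closes the issue, because it also neutralizes group names already stored before the fix; the input check only limits what new groups can store.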