Hello, we have received your feedback.
This is the situation at present: the v2.10 version has exceeded its life cycle and no longer receives updates or maintenance.
If you want to help fix this vulnerability, you may wish to submit a PR; we will complete the review and merge as soon as possible. We sincerely thank you for your attention.
In '/admin/reg.php'


We can see that after the user and pwd parameters are obtained, they are stored directly in the database without verification of the user name's length or other characters
Only the '/system/safe/360webscan.php' file filters in the middle!
The interception rules are as follows:
$postfilter = "<.=(&#\d+?;?)+?>|<.data=data:text\/html.>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmark\s?(.)|sleep\s?(.)|\b(group_)?concat[\s\/\]?\([^\\)]+?\)|\bcase[\s/*]?when[\s/*]?([^\)]+?)|load_file\s?\()|<[^>]?\b(onerror|onmousemove|onload|onclick|onmouseover)\b|\b(and|or)\b\s?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|\s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\.\\/|<\sscript\b|\bEXEC\b|UNION.+?SELECT\s*((.+)\s*|@{1,2}.+?\s*|\s+?.+?|(
|'|\").*?(|'|")\s*)|UPDATE\s*((.+)\s*|@{1,2}.+?\s*|\s+?.+?|(|'|\").*?(|'|")\s*)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?|(|'|\").*?(|'|"))FROM(\(.+\)|\s+?.+?|(|'|\").*?(|'|"))|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)|<.*(iframe|frame|style|embed|object|frameset|meta|xml|a|img)";
We only need to set the user name to XSS code when registering, like
<input onfocus=\u0061\u006c\u0065\u0072\u0074(1)

The protection can be bypassed


Where the onfocus attribute is 'alert(1)' after HTML encoding
This encoding can bypass the detection and execute arbitrary JS code, which is triggered when the administrator clicks
After registration, you can see the XSS in the background '/admin/userlist.php' file
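For anyone preparing the fix the maintainers invite, the following added example (not the project's code) shows why the blocklist lets the reported user name through and what closes the gap: allowlist validation at registration plus output encoding where the admin listing prints the name. The reduced pattern, the function names `valid_username` and `h`, and the allowed character set are assumptions made for illustration.

```php
<?php
// Added example, not code from the project. All names here are hypothetical.

// Simplified excerpt of two alternations from the interception rule quoted
// above (assumption: the asterisk and the case-insensitive flag are restored).
const BLOCKLIST = '/\b(alert\(|confirm\(|prompt\()|<[^>]*?\b(onerror|onmousemove|onload|onclick|onmouseover)\b/i';

// Allowlist check for registration: bounded length, restricted character set.
// This replaces "guess the bad strings" with "accept only known-good input".
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1;
}

// Output encoding for the page that lists users. Even if a bad value is
// already stored in the database, it is rendered as text, not as markup.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: the user name from the report, an ordinary
// name, and an over-long name (the report notes length is not checked).
$samples = [
    '<input onfocus=\u0061\u006c\u0065\u0072\u0074(1)',
    'alice_01',
    str_repeat('a', 200),
];

foreach ($samples as $name) {
    printf(
        "blocklist_hit=%-5s allowlist_ok=%-5s rendered=%s\n",
        var_export(preg_match(BLOCKLIST, $name) === 1, true),
        var_export(valid_username($name), true),
        h(substr($name, 0, 60))
    );
}
```

The reported value gives `blocklist_hit=false` because `onfocus` is not among the listed handlers and the escaped call never contains the literal `alert(`; the allowlist rejects it, and `h()` renders the leading `<` as `&lt;` for rows that are already stored.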