comment.php code show as below. Only length restrictions are applied to the $msgtitle. So caused a loophole. We can use /**/ to bypass the length limit. For example, the first comment title input "<script>alert(11111/", and second input "/11111)</script>". View comments in the background to trigger the vulnerability.
comment.php code show as below. Only length restrictions are applied to the $msgtitle. So caused a loophole. We can use /**/ to bypass the length limit. For example, the first comment title input "<script>alert(11111/", and second input "/11111)</script>". View comments in the background to trigger the vulnerability.
The text was updated successfully, but these errors were encountered: