Background setting function parameter【bbsmeta】Storage XSS vulnerabilities #5
Comments
|
3Q,But i think if a people need to access to the backend,and destroy it,then this is not a bug |
|
I think it is difficult to exploit the vulnerability,But,it is recommended to filter dangerous characters such as <script> |
|
i think i can't ignore your kindness, I decided to update to github during the 端午 Festival |
|
thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First log in to the background and go to the background Settings,(Compare the storage XSS vulnerabilities of chicken ribs)
Description here(HTML syntax support),Guess there is an XSS vulnerability,Get the parameter 【bbsmeta】here by grabbing the bag,Trace in the source code
application/controllers/AdminController.php code
This was filtered by addslashes() and htmlspecialchar ()
Obviously when you insert the data into the database you will have a layer of filtering, and then you will continue to track the specific page output location of this parameter to the following
application/views/index/index.php code
When the page is output here, the following function is made for the parameter 【bbsmeta】to handle htmlspecialchars_decode
The storage XSS here results in the storage XSS due to the use ofhtmlspecialchars_decode() function,
So through the black box to verify
Insert the following test statement in the background and click Update
payload:
<script>alert(/xss/)</script>The XSS is then accessed directly to the foreground and executed successfully
**http://20.20.20.129:8000/zibbs/index.php**Solution:
filter or encode special characters like this
<
"
'
&
%
... ...
and filter some keyword like this
script
javascript
... ...
or filter some label function which can run javascript like this
onclick
onerror
onload
... ...
The text was updated successfully, but these errors were encountered: