Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

重定向漏洞 #209

Closed
QiAnXinCodeSafe opened this issue Feb 19, 2019 · 1 comment
Closed

重定向漏洞 #209

QiAnXinCodeSafe opened this issue Feb 19, 2019 · 1 comment
Assignees
Labels
Milestone

Comments

@QiAnXinCodeSafe
Copy link

您好:
我是360代码卫士的工作人员,在我们的开源代码检测项目中发现zblogphp项目中存在一个重定向漏洞。详细信息如下:
在cmd.php页面中,当action为login,且用户已登陆时,line 19中会获取get参数redirect并用作重定向的路径
default

poc:localhost/zblogphp/zb_system/cmd.php?act=login&redirect=http://www.baidu.com

@zsxsoft
Copy link
Contributor

zsxsoft commented Feb 19, 2019

非常感谢360代码卫士的支持,我们会尽快修复!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants