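Hello,

I work for 360代码卫士. During our open-source code scanning project, we found a redirect vulnerability in the zblogphp project. Details are as follows:

In the cmd.php page, when the action is login and the user is already logged in, line 19 reads the GET parameter redirect and uses it as the redirect path.

PoC: localhost/zblogphp/zb_system/cmd.php?act=login&redirect=http://www.baidu.com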
Many thanks to 360代码卫士 for the support; we will fix this as soon as possible!
#209 Fixed a link redirect issue;
0071602
rainbowsoft
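
One way to constrain the `redirect` parameter described in this issue, as an added example that is not Z-BlogPHP's code or the change made in the commit above. The function name `safe_redirect_target`, the fallback path and the sample inputs are assumptions constructed for illustration; `localhost` is the host used in the PoC.

```php
<?php
// Added example: hypothetical helper, not part of Z-BlogPHP.
// Returns $target only if it stays on $siteHost; otherwise returns $fallback.
function safe_redirect_target(string $target, string $siteHost, string $fallback = '/'): string
{
    // Reject empty values, control characters (header injection) and
    // backslashes, which some browsers normalise to "/" ("/\other.example").
    if ($target === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Protocol-relative URLs ("//other.example/") leave the site.
    if (strncmp($target, '//', 2) === 0) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }
    // No scheme and no host: accept root-relative paths only.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return $target[0] === '/' ? $target : $fallback;
    }
    // Absolute URL: http(s) only, and the host must match exactly.
    // Userinfo tricks ("http://localhost@other.example/") fail here because
    // parse_url() reports the real host. The port is not compared.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (in_array($scheme, ['http', 'https'], true) && $host === strtolower($siteHost)) {
        return $target;
    }
    return $fallback;
}

// Constructed sample inputs; the first is the value from the PoC.
$samples = [
    'http://www.baidu.com',
    '//www.baidu.com/',
    'http://localhost@www.baidu.com/',
    'javascript:alert(1)',
    '/zblogphp/zb_system/admin/',
    'http://localhost/zblogphp/',
];
foreach ($samples as $s) {
    printf("%-35s => %s\n", $s, safe_redirect_target($s, 'localhost', '/zblogphp/'));
}
```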