XSS Vulnerability in /admin/problem_judge.php #866
Comments
Thank you very much for reporting this.

Although repairing in this way can prevent XSS, it will cause some business problems. I recommend repairing like #867.

No, this will not cause business problems, because these inputs should be treated as TEXT from the beginning.

Still, it's marvelous work you've done!

I made a mistake; this change can defend against XSS.

@zhblue hustoj/trunk/web/swadmin/problem_judge.php Lines 106 to 113 in ec618ac
hustoj/trunk/web/swadmin/problem_judge.php Lines 115 to 123 in ec618ac

Describe the problem
XSS Vulnerability exists in
hustoj/trunk/web/admin/problem_judge.php
Line 138 in 417173d
How to reproduce
Steps to reproduce the behavior:
for example:
Then you can get a sid.

example: