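Vulnerable file: index.php
Vulnerable code:
// some general xxs protection
$_GET['search'] = str_replace('script', '', $_GET['search']);
$_GET['username'] = str_replace('script', '', $_GET['username']);
The code only strips the keyword "script" from the input, so the page remains vulnerable to XSS.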
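The weak filter beside a hardened form, as an added example that is not code from index.php: the function names `keyword_filter` and `html_escape` and the sample input are hypothetical. It shows that the keyword filter leaves HTML metacharacters untouched, while encoding at output time with `htmlspecialchars` neutralises them.

```php
<?php
// Added example; function names and sample input are hypothetical.

// The page's filter wrapped in a function: it deletes the literal
// keyword "script" and changes nothing else in the value.
function keyword_filter(string $value): string
{
    return str_replace('script', '', $value);
}

// Hardened form: leave the input as received and encode it for the
// HTML context at the moment it is written into the page.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed, benign input: ordinary markup plus a quoted attribute.
$search = '<b title="x">results</b>';

$filtered = keyword_filter($search);
$escaped  = html_escape($search);

// The keyword filter returns the value unchanged, so a browser would
// parse it as markup if it were echoed into the response.
var_dump($filtered === $search);

// After encoding, no raw <, > or " is left, so the value is rendered
// as text in both element content and quoted attribute values.
var_dump(preg_match('/[<>"]/', $escaped) === 0);

// Safe use in a template: encode where the value is emitted.
echo '<input name="search" value="' . $escaped . '">', PHP_EOL;
```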
POC