XSS vulnerability exists in phpwind

作者 : laolisafe 本文共906个字,预计阅读时间需要3分钟 发布时间: 2020-07-31 共309人阅读

phpwind has XSS vulnerability in default template
Tested through the demo site on the official website and found that the latest version is the same
url:http://demo.phpmywind.com/
Vulnerable URL:http://demo.phpmywind.com//goodsshow.php?cid=12&tid=10&id=1
Start the packet capture test:

Click to buy now

POST:
POST /shoppingcart.php?a=addshopingcart HTTP/1.1
Host: demo.phpmywind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: text/html, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 71
Origin: http://demo.phpmywind.com
Connection: keep-alive
Referer: http://demo.phpmywind.com/goodsshow.php?cid=12&tid=10&id=1

typeid=10&goodsid=1&buynum=1&attrid_1=%E9%BB%91%E8%89%B2&attrid_2=WCDMA

Modify the JavaScript statement of the parameter attrid_1
Successfully triggered

提供最优质的资源集合

立即查看 了解详情