Q1ngShan

10.14.6 i5 1080 睡眠后只能通过关盖盒盖唤醒

3

10.14.6 i5 1080 睡眠后只能通过关盖盒盖唤醒

There is one SSRF vulnerability that can get some sensitive information

1

Vulnerability location：`app/setting/controller/ApiAdminDomainSettings.php`：  The problem arises in line 28——39： ```php $ch = curl_init(); $options = array( CURLOPT_URL => $api, CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => implode("\n", $urls), CURLOPT_HTTPHEADER...

This is a stored XSS which allows attacker to insert javascript code into database. When user see the message, attacker is able to steal user's cookie. **Filename** /app/widget/controller/ApiAdminWidgetPages.php **Code** ```php...