SakuraPanel
SakuraPanel copied to clipboard
Published
20 hours ago •
ZeroDream-CN
ZeroDream-CN
Possible XSS vulnerability
Hello,
I would like to report for XSS vulnerability.
In file https://github.com/ZeroDream-CN/SakuraPanel/blob/master/core/PostHandler.php
line 87
$result = $pm->checkRules($_POST);
In function checkRules
public function checkRules($data)
{
// ....
if($this->isProxyNameExist($data['proxy_name'])) {
return Array(false, "隧é�“ {$data['proxy_name']} å·²å˜åœ¨ï¼Œè¯·ä½¿ç”¨å…¶ä»–å��å—");
}
// ....
}
line 96
$msg = $result[1] ?? "未知错误";
exit($msg);
exit will terminate the script and print the message which have the value $data['proxy_name']. Then there is XSS vulnerability
