Store Cross Site Script Attack on Upload HTTP Request Header

[mcblog]

Hi, how is going? I test imgurl upload functions. And I found a XSS vulnarability.

First step：

Put payload on upload header : X-Forwarded-For: "><img src=# onerror=alert(/a/)>

Second

then web administrator click

---

The method to solve it:

all the request header filter special character。

过滤http请求头的所有特殊字符。

[helloxz]

感谢您的反馈，这应该是由于获取用户IP的时候，XFF头没有进行验证导致。我修复一下。