PHPCMS question-and-answer module stored XSS

Source: Internet
Author: User
Tags: eval

The blacklist is the problem.


The reply form has a rich-text editor.

The editor lets you edit the HTML source directly, so the first thought is: there must be XSS here.

Sure enough. But the first payloads tested,


<script>alert(1)</script>

and


did not execute any JS.

So I went to http://html5sec.org/ to find some less common vectors to test.

When testing <form id="test"></form><button form="test" formaction="Javascript:alert(1)">x</button>

I was surprised to find it was not filtered at all. As the screenshot shows, it fires on click.



Of course, this still needs a click, and not everyone who reads the reply will click. So how can the success rate of the XSS be raised?

Don't worry.

http://html5sec.org/ has plenty more vectors to use, such as:

<input onfocus=alert(1) autofocus> fires as soon as the page opens (works in IE10, Google Chrome, Firefox 4.5)

Many more work across browsers; I did not test them one by one and just use this one to demonstrate the impact.



So we can cast a wide net.

Proof of the flaw: one thing worth mentioning. <input onfocus=alert(1) autofocus> executes JS through onfocus, but don't forget we still have eval. You can construct <input onfocus=eval("the code we want to execute") autofocus>

to complete the attack. The constructed JS is as follows:



Any user who views this post becomes a victim.





I did not test any further. I hope the PHPCMS team will also pay attention to this problem.


Suggested fix:

The editor filters on a blacklist. If the edit-source feature really has to stay enabled, whitelist filtering is recommended. Otherwise it is best to turn the edit-source feature off, because you have no idea what code you have never seen an attacker will use for the cross-site payload.
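As an added illustration of this fix (example code, not from the writeup or from PHPCMS), the sketch below contrasts a blacklist filter, which passes both payloads from this post untouched, with a whitelist sanitizer that rebuilds the reply from allowed elements only. The blacklist rules, the allowed-element set and the function names are assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# The three payloads quoted in the writeup, copied here as constructed test input.
FORMACTION_PAYLOAD = '<form id="test"></form><button form="test" formaction="Javascript:alert(1)">x</button>'
AUTOFOCUS_PAYLOAD = '<input onfocus=alert(1) autofocus>'
SCRIPT_PAYLOAD = '<script>alert(1)</script>'

# A blacklist in the spirit of the editor's filter. Assumption: the real PHPCMS rules
# are not on the page, so this one only knows <script> and a handful of handlers.
BLACKLIST = re.compile(r'<\s*/?\s*script\b[^>]*>|\bon(click|load|error|mouseover)\s*=', re.I)
def blacklist_filter(html):
    # Strips what the list names; formaction and onfocus are not on it, so they pass.
    return BLACKLIST.sub('', html)
# Whitelist: element -> attributes allowed on it (assumed set). Everything else is dropped.
ALLOWED = {'p': set(), 'b': set(), 'i': set(), 'br': set(), 'a': {'href'}}
SAFE_URL_PREFIXES = ('http://', 'https://', '/', '#')

class WhitelistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__()            # convert_charrefs=True: text arrives decoded
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ('script', 'style'):
            self.skip += 1            # drop the element together with its content
            return
        if tag not in ALLOWED:
            return                    # form, button, input, ... never reach the page
        kept = ''
        for name, value in attrs:
            if name in ALLOWED[tag] and value and value.strip().lower().startswith(SAFE_URL_PREFIXES):
                kept += f' {name}="{escape(value)}"'   # javascript: URLs fail the prefix check
        self.out.append(f'<{tag}{kept}>')
    def handle_endtag(self, tag):
        if tag in ('script', 'style'):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and tag != 'br':
            self.out.append(f'</{tag}>')
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))   # re-encode text so it can never become markup

def whitelist_filter(html):
    # Rebuilds the reply from the whitelist instead of subtracting known-bad tokens.
    s = WhitelistSanitizer()
    s.feed(html)
    s.close()
    return ''.join(s.out)
```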

By the way, there is also a reflected XSS here:

http://118.244.225.145/index.php?m=ask&c=team&a=team_list&order=team_point&catid=&belong=team&name="><SCRIPT>ALERT%281%29<%2FSCRIPT>
