DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component /dede/co_do.php via the dopost, rpok, and aid parameters.
Abstract
- Affected product: DedeCMS V5.7.97
- Attack type: Remote
- Affected component: /dede/co_do.php
- Payload: dopost=replace&rpok=1&aid='><scrIpt>alert(1)</script>\\
Detail
In /dede/co_do.php, at line 156, the $aid variable passed to the ShowMsg() function is controllable by the requester. The $aid variable is obtained from $_GET['aid'].
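The pattern described above, next to a hardened form, as an added example that is not DedeCMS source code. render_redirect_msg() is a hypothetical stand-in for a ShowMsg()-style helper; the example assumes aid is a numeric identifier and that the value ends up inside a single-quoted HTML attribute.

```php
<?php
// Added example, not DedeCMS code. render_redirect_msg() is a hypothetical
// stand-in for a ShowMsg()-style helper that writes a message and a target
// URL into an HTML page.
function render_redirect_msg(string $msg, string $url): string
{
    // The helper trusts its caller: both arguments are emitted verbatim.
    return "<p>{$msg}</p><a href='{$url}'>continue</a>";
}

// Before: the request value is concatenated straight into the URL argument.
function handle_unsafe(array $get): string
{
    $aid = $get['aid'] ?? '';
    return render_redirect_msg('Done', "co_do.php?dopost=replace&aid={$aid}");
}

// After: aid is assumed to be a numeric id, so accept digits only, then
// encode for the URL and HTML contexts the value is written into.
function handle_safe(array $get): string
{
    $raw = $get['aid'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw)) {
        http_response_code(400);
        return render_redirect_msg('Invalid aid', 'index.php');
    }
    $query = http_build_query(['dopost' => 'replace', 'aid' => (int) $raw]);
    $url = htmlspecialchars('co_do.php?' . $query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return render_redirect_msg('Done', $url);
}

// Request built from the payload listed on this page.
$request = ['dopost' => 'replace', 'rpok' => '1', 'aid' => "'><scrIpt>alert(1)</script>"];

echo handle_unsafe($request), PHP_EOL;       // markup from aid reaches the page
echo handle_safe($request), PHP_EOL;         // rejected: aid is not numeric
echo handle_safe(['aid' => '42']), PHP_EOL;  // href holds the encoded query string
```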