XSS vulnerability in the 客客专业威客系统 (Keke Professional Witkey System) program

Published: 2025-04-13
Revised: 2025-04-13

### Summary:

The parameters are not controlled at all. A self-XSS I submitted earlier was not accepted in review..

### Details:

/control/user/shop_setting.php

```php
<?php
$strUrl = 'index.php?do=user&view=shop&op=setting';
$shopInfo = db_factory::get_one(sprintf(" select * from %switkey_shop where uid='%d' ", TABLEPRE, $gUid));
$objShopT = keke_table_class::get_instance('witkey_shop');
if (isset($formhash) && kekezu::submitcheck($formhash)) {
    if (strtoupper(CHARSET) == 'GBK') {
        $shop_name    = kekezu::utftogbk($shop_name);
        $shop_slogans = kekezu::utftogbk($shop_slogans);
        $seo_title    = kekezu::utftogbk($seo_title);
        $seo_keyword  = kekezu::utftogbk($seo_keyword);
        $seo_desc     = kekezu::utftogbk($seo_desc);
    }
    // The submitted values are written to the database exactly as received:
    // no HTML escaping, filtering or length check happens at this point.
    $arrData = array(
        'shop_name'    => $shop_name,
        'shop_slogans' => $shop_slogans,
        'seo_title'    => $seo_title,
        'seo_keyword'  => $seo_keyword,
        'seo_desc'     => $seo_desc,
    );
    $intRes = $objShopT->save($arrData, array('shop_id' => $shopInfo['shop_id']));
    unset($objShopT);
    kekezu::show_msg('已保存', NULL, NULL, NULL, 'ok'); // message text: "Saved"
}
```

http://localhost:81/keke/index.php?do=user&view=shop&op=setting...
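One way to close this, as an added example that is not part of the original report or of the system's own code: build `$arrData` only from the five expected keys, cap their length, and escape every field on output with `htmlspecialchars`. The `$_POST` source, the length limits and the UTF-8 charset are assumptions.

```php
<?php
// Hardened replacement for the unfiltered $arrData construction above.
// Assumes the five shop settings arrive in $_POST and the site runs UTF-8
// (the GBK conversion branch of the original is not reproduced here).

// Maximum stored length per field (constructed limits, not from the project).
const SHOP_FIELD_LIMITS = [
    'shop_name'    => 50,
    'shop_slogans' => 200,
    'seo_title'    => 100,
    'seo_keyword'  => 200,
    'seo_desc'     => 300,
];

/**
 * Return the array to pass to save(): only the expected keys are taken from
 * the request (no mass assignment), control characters are removed, the
 * value is reduced to plain text and cut to its maximum length.
 */
function buildShopSettings(array $request): array
{
    $clean = [];
    foreach (SHOP_FIELD_LIMITS as $field => $max) {
        $value = isset($request[$field]) ? (string) $request[$field] : '';
        // Drop NUL and other control characters, then trim whitespace.
        $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $value) ?? '';
        $value = trim($value);
        // strip_tags keeps the stored value as plain text as defence in depth;
        // the actual XSS protection is still escaping on output (escapeHtml).
        $value = strip_tags($value);
        $clean[$field] = mb_substr($value, 0, $max, 'UTF-8');
    }
    return $clean;
}

/** Escape a stored value for insertion into an HTML text node or attribute. */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// In the handler, replacing the original $arrData block:
//   $arrData = buildShopSettings($_POST);
//   $intRes  = $objShopT->save($arrData, array('shop_id' => $shopInfo['shop_id']));
// In every template that renders these fields:
//   echo '<h1>' . escapeHtml($shopInfo['shop_name']) . '</h1>';
```

Escaping at the point of output is the part that actually prevents the stored script from running; the input filtering only limits what reaches the database.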

No Exp or PoC available yet
Currently 0 affected product records