CmsEasy latest version (20140718): stored XSS for blind attacks on the admin backend

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

A stored XSS that can be used to blind-attack the admin backend.

### Details:

The getbot function at line 13 of /lib/table/stats.php:

```
public static function getbot() {
    $ServerName = $_SERVER["SERVER_NAME"];
    $ServerPort = $_SERVER["SERVER_PORT"];
    $ScriptName = $_SERVER["SCRIPT_NAME"];
    $QueryString = $_SERVER["QUERY_STRING"];
    $serverip = $_SERVER["REMOTE_ADDR"];
    $GetLocationURL=self::geturl();
    // User-Agent header, supplied by the client
    $agent1 = $_SERVER["HTTP_USER_AGENT"];
    $agent=strtolower($agent1);
    $Bot="";
    if(strpos($agent,"googlebot")>-1) {
        $Bot = "Google";
    }
    if(strpos($agent,"mediapartners-google")>-1) {
        $Bot = "Google Adsense";
    }
    if(strpos($agent,"baiduspider")>-1) {
        $Bot = "Baidu";
    }
    if(strpos($agent,"sogou")>-1) {
        $Bot = "Sogou";
    }
    if(strpos($agent,"yahoo")>-1) {
        $Bot = "Yahoo!";
    }
    if(strpos($agent,"msn")>-1) {
        $Bot = "MSN";
    }
    if(strpos($agent,"soso")>-1) {
        $Bot = "Soso";
    }
    if(strpos($agent,"iaarchiver")>-1) {
        $Bot = "Alexa";
    }
    if(strpos($agent,"sohu")>-1) {
        $Bot = "Sohu";
    }
    if(strpos($agent,"sqworm")>-1) {
        $Bot = "AOL";
    }
    if(strpos($agent,"yodaobot")>-1) {
        $Bot = "Yodao";
    }
    ...
```
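
Because getbot() reads client-supplied request values such as the User-Agent header, a defensive pattern for a statistics log is to bound those values on write and HTML-encode them where the admin page prints them. The following is an added example, not CmsEasy code or the reporter's; the function names, record fields and sample values are assumptions, since the truncated listing above does not show the actual storage or output code.

```php
<?php
// Added example, not CmsEasy code. Function names and record fields are hypothetical.

// Normalise a request-derived value before it is written to the stats table:
// drop control characters and cap the length so a header cannot carry
// arbitrarily large content into storage. substr() may cut a multi-byte
// character; ENT_SUBSTITUTE below handles the resulting invalid sequence.
function stats_clean_field(string $value, int $maxLen = 255): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
    return substr($value, 0, $maxLen);
}

// Encode a stored value for an HTML text or attribute context at the point
// where the admin page prints it. This is the step that keeps stored markup
// from executing in the administrator's browser.
function stats_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one stats record as a table row; every cell is encoded.
function stats_render_row(array $record): string
{
    $cells = '';
    foreach (['ip', 'url', 'agent', 'bot'] as $key) {
        $cells .= '<td>' . stats_html((string)($record[$key] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed sample request values (not taken from the advisory).
$server = [
    'REMOTE_ADDR'     => '203.0.113.7',
    'QUERY_STRING'    => 'case=archive&act=list',
    'HTTP_USER_AGENT' => "Mozilla/5.0 <script>alert(1)</script>\r\n",
];

$record = [
    'ip'    => filter_var($server['REMOTE_ADDR'], FILTER_VALIDATE_IP) ?: '',
    'url'   => stats_clean_field('/index.php?' . $server['QUERY_STRING']),
    'agent' => stats_clean_field($server['HTTP_USER_AGENT']),
    'bot'   => '',
];

echo stats_render_row($record), PHP_EOL;
```

Encoding at output is the control that matters here: values already stored before a fix was deployed are still rendered safely.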

No Exp or PoC currently available
Currently 0 affected-product records