EasyTalk: stored XSS delivered to any user as the system identity

Affected file: easytalk/Home/Lib/Action/ImAction.class.php. When the controller is loaded, its initializer only calls the parent's init() and never requires a login:

[php]
public function _initialize() {
    parent::init();   // no login check: anonymous requests reach every action in this controller
}
[/php]

The stored XSS and the ability to send private messages to arbitrary users as the system identity are both in this code:

[php]
// send a chat message
public function sendmsg() {
    $ret = D('Messages')->sendmsg(daddslashes($_POST['content']),
                                  daddslashes($_POST['nickname']),
                                  $this->my);   // sender taken from the (possibly absent) session
    if ($ret == 'success') {
        echo json_encode(array(
            "ret"  => 'success',
            "tip"  => L('send_msg_success'),
            'data' => array(
                'nickname' => $this->my['nickname'],
                'sendtime' => timeop(time()),
                'conetnt'  => A('Content')->ubb($_POST['content'])   // raw content, no HTML encoding
            )
        ));
    } else {
        echo json_encode(array("ret" => 'error', "tip" => $ret));
    }
}
[/php]

$_POST['content'] is the message body and can carry an XSS payload; $_POST['nickname'] is the recipient's username. Because _initialize() does not enforce a login, an unauthenticated POST reaches sendmsg(), and since $this->my is not backed by a real user session the message arrives in the target's inbox as the system account. daddslashes() only adds slashes for the database layer, which does nothing against HTML injection, and the content is run through A('Content')->ubb() and stored and echoed without HTML encoding, so the payload executes when the recipient opens the conversation.
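The following is an added, stand-alone illustration of the two defects and their fixes; it is not EasyTalk's code. It assumes (hypothetically) that the logged-in user is held in $session['my'] with a 'nickname' key, that an anonymous request has no such entry, and it stubs the UBB renderer as an identity function. The anonymous sender defaulting to "system" models the behaviour the report describes rather than EasyTalk's actual session code.

```php
<?php
// Stand-in for A('Content')->ubb(); the real renderer is out of scope here.
function ubb(string $s): string { return $s; }

// Vulnerable shape: no login gate, sender falls back to the system account,
// message body reflected and stored as raw HTML.
function sendmsg_vulnerable(array $session, array $post): array {
    $my = $session['my'] ?? ['nickname' => 'system'];   // assumption: anonymous caller shows as "system"
    return [
        'ret'  => 'success',
        'data' => [
            'nickname' => $my['nickname'],
            'to'       => $post['nickname'],
            'content'  => ubb($post['content']),        // raw HTML reaches the recipient's browser
        ],
    ];
}

// Hardened shape: reject anonymous callers, validate input, bind the sender
// to the session only, and HTML-encode the body before it is rendered or stored.
function sendmsg_hardened(array $session, array $post): array {
    if (empty($session['my']['nickname'])) {
        return ['ret' => 'error', 'tip' => 'login required', 'http' => 403];
    }
    $content = trim((string)($post['content'] ?? ''));
    $target  = trim((string)($post['nickname'] ?? ''));
    if ($content === '' || $target === '') {
        return ['ret' => 'error', 'tip' => 'missing content or nickname', 'http' => 400];
    }
    // Encode first; the UBB renderer may then add only the tags it emits itself.
    $safe = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return [
        'ret'  => 'success',
        'data' => [
            'nickname' => $session['my']['nickname'],
            'to'       => $target,
            'content'  => ubb($safe),
        ],
        'http' => 200,
    ];
}

// Constructed demo input (not captured traffic).
$payload = ['content' => '<script>alert(document.cookie)</script>', 'nickname' => 'admin'];

$anon = sendmsg_vulnerable([], $payload);
printf("vulnerable, anonymous: from=%s content=%s\n", $anon['data']['nickname'], $anon['data']['content']);

$blocked = sendmsg_hardened([], $payload);
printf("hardened, anonymous: http=%d tip=%s\n", $blocked['http'], $blocked['tip']);

$ok = sendmsg_hardened(['my' => ['nickname' => 'alice']], $payload);
printf("hardened, alice: from=%s content=%s\n", $ok['data']['nickname'], $ok['data']['content']);
```

Run it with `php demo.php`: the vulnerable path returns the script tag verbatim with "system" as the sender, while the hardened path refuses the anonymous call with a 403 and, for a logged-in user, returns the body with `<`, `>` and quotes encoded. The same two checks (an authentication gate in _initialize() and output encoding before ubb()) are what the EasyTalk controller is missing.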
