EasyTalk: stored XSS delivered to any user under the system identity

Affected file: easytalk/Home/Lib/Action/ImAction.class.php
When the controller is initialised:
[php]
// ImAction::_initialize() runs before every action in this controller.
// It only calls the parent init(); it never checks that a user is logged in.
public function _initialize() {
    parent::init();
}
[/php]
no login is required, so every action in this controller can be reached anonymously.

The stored XSS in EasyTalk, and the ability to send a private message to any user under the system identity, both sit in this code:
[php]
// Post a chat message.
public function sendmsg() {
    // content and nickname come straight from the POST body; the only
    // treatment is daddslashes() (slash escaping), no HTML encoding.
    // $this->my is the sender record the controller believes it is acting for.
    $ret = D('Messages')->sendmsg(daddslashes($_POST['content']), daddslashes($_POST['nickname']), $this->my);

    if ($ret == 'success') {
        // The raw POST content is also reflected back through the ubb() renderer.
        echo json_encode(array(
            "ret"  => 'success',
            "tip"  => L('send_msg_success'),
            'data' => array(
                'nickname' => $this->my['nickname'],
                'sendtime' => timeop(time()),
                'conetnt'  => A('Content')->ubb($_POST['content'])
            )
        ));
    } else {
        echo json_encode(array("ret" => 'error', "tip" => $ret));
    }
}
[/php]
$_POST['content'] is the message body. It is passed only through daddslashes(), a slash-escaping helper aimed at the SQL layer rather than an HTML encoder, so HTML and script tags are stored intact and rendered to the recipient later (stored XSS).

$_POST['nickname'] is the nickname of the target user, so the message can be addressed to anyone.
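To make the two defects concrete, the following is an added illustration written for this write-up; it is not EasyTalk's code. It models (1) the missing login check that _initialize() should perform and (2) the difference between slash escaping and HTML encoding of the message body. It assumes that the project's daddslashes() behaves like PHP's addslashes() (the page does not show its body), that a logged-in session carries a non-empty 'uid' entry, and it stands in a callable for D('Messages')->sendmsg(); all of these are assumptions for the demonstration, not the project's real API.

```php
<?php
// Added illustration, not EasyTalk's code. Run with: php example.php
declare(strict_types=1);

// Stand-in for the project's daddslashes(); assumed to act like addslashes().
function daddslashes_stub(string $s): string
{
    return addslashes($s);
}

// The check _initialize() should perform before any ImAction action runs.
// $session stands in for the framework session; the 'uid' key is an assumption.
function is_logged_in(array $session): bool
{
    return !empty($session['uid']);
}

// HTML-encode a message body so that stored text cannot carry markup,
// whatever renderer later displays it. ENT_QUOTES also covers single quotes.
function escape_for_html(string $content): string
{
    return htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened sendmsg(): refuses anonymous callers and encodes the body.
// $store is a callable standing in for D('Messages')->sendmsg(); it gets the
// encoded body, the target nickname and the sender record, and returns a status.
function sendmsg_hardened(array $session, array $post, array $sender, callable $store): array
{
    if (!is_logged_in($session)) {
        return ['ret' => 'error', 'tip' => 'login required'];
    }
    $content  = escape_for_html((string) ($post['content'] ?? ''));
    $nickname = (string) ($post['nickname'] ?? '');
    if ($content === '' || $nickname === '') {
        return ['ret' => 'error', 'tip' => 'empty content or nickname'];
    }
    $ret = $store($content, $nickname, $sender);
    if ($ret !== 'success') {
        return ['ret' => 'error', 'tip' => (string) $ret];
    }
    return [
        'ret'  => 'success',
        'data' => ['nickname' => $sender['nickname'], 'content' => $content],
    ];
}

// --- Demonstration with a constructed payload ---
$payload = '<img src=x onerror="alert(document.cookie)">';

// What the original path hands to the database: only the quotes get a
// backslash, which the SQL layer strips again; the tag itself survives.
echo "slash-escaped: " . daddslashes_stub($payload) . "\n";
// What the hardened path stores: no angle brackets left to render as a tag.
echo "html-encoded:  " . escape_for_html($payload) . "\n";

// Stub store that always reports success, so the control flow is visible.
$store = function (string $content, string $nickname, array $sender): string {
    return 'success';
};

// The anonymous request that the original controller accepts is rejected.
$anonymous = sendmsg_hardened(
    [],                                              // no session at all
    ['content' => $payload, 'nickname' => 'victim'],
    ['nickname' => 'system'],
    $store
);
echo "anonymous: " . json_encode($anonymous) . "\n";

// The same request from a logged-in user goes through, with the body encoded.
$loggedIn = sendmsg_hardened(
    ['uid' => 42],
    ['content' => $payload, 'nickname' => 'victim'],
    ['nickname' => 'alice'],
    $store
);
echo "logged in: " . json_encode($loggedIn) . "\n";
```

Encoding at output time is the cleaner general rule, but because the page does not show what A('Content')->ubb() does with the stored text, the example encodes before storage so that nothing renderable can reach the database in the first place; the login check belongs in _initialize() so that it covers every action in the controller, not just sendmsg().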