Discuz! versions 7.2 and below suffer from a cross site scripting vulnerability.
560fd8e6e25b0619a343d5bc06be086fdb9c6e5d155e79da07ce5a7f44f0426e
There is a Permanent-type Cross-Site Vulnerability in “Personal Signature” in all version of Discuz!. It can be written by the worm!
Discuz! do not filter the Malicious code when user enter their personal signature, attacker can enter the xss code, Discuz! will save and run it! It maybe lead the propagation of worm!
For example:
we can register an user, and enter the xss code to our personal signature!
like:
</textarea><script>alert(/Liscker/);</script><textarea>
Vulnerable: Discuz! <=7.2 all version!
Liscker
2010.03.24
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed