Exploit Titlei1/4PHPMyWind 5.3 has XSS Exploit Author:adege" Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind_5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql->GetOne("SELECT Max(orderid) AS orderid FROM `#@__message`"); $orderid= (empty($r['orderid']) ? 1 : ($r['orderid'] + 1)); $nickname= htmlspecialchars($nickname);//ae,,a(r)C/(xxx) $contact= htmlspecialchars($contact); //ec3>>ae1a1/4 $content= htmlspecialchars($content); //ce"aa(r)1 $posttime= GetMkTime(time()); $ip= gethostbyname($_SERVER['REMOTE_ADDR']); $sql= "INSERT INTO `#@__message` (siteid, nickname, contact, content, orderid, posttime, htop, rtop, checkinfo, ip) VALUES (1, '$nickname', '$contact', '$content', '$orderid', '$posttime', '', '', 'false', '$ip')"; if($dosql->ExecNoneQuery($sql)) { ShowMsg('ce"aeai1/4aeedegC/ae"cae-aei1/4','message.php'); exit(); } } a-a>>Y=caoa1/2?c"htmlspecialcharse?e!e?ae>>$?,a,|aY=aoa,. e*e?contentaaedega 127.0.0.1/PHPMyWind_5.3/admin/ message_update.php a?(r)ae1ce" GetOne("SELECT * FROM `#@__message` WHERE `id`=$id"); ?>
修改留言 刷新 (Edit message / Refresh)
用户名： (Username:)
联系方式： (Contact:)
留言内容： (Message content:)